Domino Internet Password

The Internet password is saved in the Httppassword domain of the personal document in the Domino folder, and is used together with the username in the document to access the Dominoserver check when using various Internet protocols. The most frequently used is through Web Access applications, other such as the POP3 protocol to receive mail, LDAP protocol check identity, is also used this set of identity credentials.

The password is saved in the secret text. Before R6, the cryptographic password algorithm was run by the @password formula. Since R6, for higher security, there is a new algorithm that can be run by the @hashpassword formula. The new algorithm can be set through Directoryprofile's use of more secure Internet passwords domain and Domino Administrator Client, which can control the password changed since the effective, the latter can bulk change the existing password. As with so many other mechanisms, the last sign is saved in the document. There is a $securepassword field in the personal document that uses the new algorithm, with a value of "1" and, if not, the old algorithm. This field is updated in the Querysave event of the person form.

A big difference between the two algorithms is that the old algorithm does not change the results of multiple operations on the same clear text, and the new algorithm has different results for each operation of the same plaintext. Therefore, when using the old algorithm, although the password cannot be known from the Httppassword domain value, it is possible to infer whether the password of multiple users is the same, and whether or not the password has been changed by the operation. With the new algorithm, even if the password is not changed, ciphertext will change, users do not know this will also cause misunderstanding.

In LotusScript and Javaapi, the session can be used respectively. Hashpassword () and session. VerifyPassword () Encrypt and verify the password.

Domino Internet Password