Sean, Your uses have access to the NAB via Notes. Unless of course you make them store all their coworkers email addresses in their local address books and do not allow lookups in the NAB. Thus they can read the NAB and then detach the ID file, eh? Rob Berendt -- Group Dekko Services, LLC Dept 01.073 PO Box 2000 Dock 108 6928N 400E Kendallville, IN 46755 http://www.dekko.com seanmurphy@xxxxxxxxxxx Sent by: domino400-bounces+rob=dekko.com@xxxxxxxxxxxx 03/30/2005 02:33 PM Please respond to Lotus Domino on the iSeries / AS400 <domino400@xxxxxxxxxxxx> To domino400@xxxxxxxxxxxx cc Subject Re: Domino ID Files Best Practices C +API tool to hack a notes id? LOL..... That tool does a dictionary attack. Nothing special about that. The only thing is special is they bypassed the time-out. http://lostpassword.com/lotus-notes.htm What security does the user ID have to the system? Say an Admin ID? I would be interested in seeing how you can get the NAB off of the server if you do not have access to the server. The owner of all of objects is QNOTES. Kind of hard to get the file to pull the id out of it. I also am using encrypted NABs on my mail servers as well so even if you got the NAB you could not open it with another notes client. The NAB on my servers is not accessible from the web, default and anonymous is NO ACCESS. We don't store IDs there anyway. We store them elsewhere and of course on the PCs with the notes client, such as my admin id on the PC I am using to compose this email. So if you hacked my Windows Laptop then stole my id, would it not be Windows Security that is the issue? The only way to get and ID is via a Microsoft Windows Hack to steal the ID off of a PC. Then run this PASSWARE tool to hack the id password. The answer would be not to use Windows and notes IDs? That would not be practical. Don't keep IDs on computers anywhere? That would not be practical. No networked computers works as well ala "Battle Star Gallactica"???? We all know we can do anything without networking.............. lf you are concerned about notes id security then the answer is to not have the notes IDs stored anywhere, and use a smartcard or biometric id instead of a standard notes id. If your NAB is secured properly it is much safer than on a Windows File Server or on a Windows PC........... Here are some products that add that extra layer of ID security. Notes supports smart cards and Bio-Metic ID systems. ActivCard Gold 2.2 product Gemplus 3.1 product Gemplus 2.0 product Rainbow iKey 2032 product Schlumberger Cyberflex 4 product Sean ------------------------------------------------------ CONFIDENTIALITY NOTICE: This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please permanently delete the original and any copy of any e-mail and any printout thereof. Thank you for your compliance. _______________________________________________ This is the Lotus Domino on the iSeries / AS400 (Domino400) mailing list To post a message email: Domino400@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/domino400 or email: Domino400-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/domino400.
As an Amazon Associate we earn from qualifying purchases.
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.