Different Encryptions
Written by WishBoNe on December 8, 2006 – 9:17 pmOften, we have to create some links that are visible for users to change their passwords. Some companies have their own portals and may not be using commercial based because they like their own logos on the portal instead. I have hit a snag before the upgrade from R5 to R7. Big jump, huh?
We have a link that will allow users to change their Internet passwords on our portal. It works when we change it in the Person document in the names.nsf but it doesn’t work when we change it using the link that does the function. A really scary thing is that the password is in clear text when we use the link. It’s not encrypted! How?
The IBM consultant told us that the encryption has changed from each version. So we’re in deep soup. Oh god. Has anyone had the same situation before? How did you resolve it?
Posted in Design, Domino, IBM, Lotus Notes, Programming, Technology |
December 26th, 2006 at 9:22 am
It can happen if someone changed in the code which writes the password to the person document.
After agent (or external application) writes a plain password to the HTTPPassword field, it must also execute doc.computewithform(true,true) method before saving the document. Without this method the situation will be exactly like you experience it.
There can be other reasons too, but this is the most obvious reason I can think of.
I also remember that when using “more secure Internet password” setting, the password was automatically encrypted when saving document. If this behaviour changed between R5 and R7, the result would be an unencrypted password. I can’t verify it now by myself, but it can be worth looking at.
December 26th, 2006 at 10:38 am
Thanks Andrei, we’ve discovered some codes written by other developers online on Christmas Eve. It’s working now