Vulnerability Development mailing list archives
Re: Notes Domino Server Platform for e-commerce?
From: derek () INFINET COM (Derek Reynolds)
Date: Tue, 8 Feb 2000 19:41:57 -0500
To date I have seen 0 issues with password problems and Notes/Domino. The Notes password is stored in an ID file. For Inet use, the password is like I said, stored within a database which is encrypted in a field. (64bit International/128bit North American). If you want a more robust web server, try WebSphere. IBM's HTTPD. A great 'E-Commerce' webserver with tons going for it. Check it out.

-Derek

Tuesday, February 08, 2000, 11:22:37 PM, you wrote:

BF>> some folks in my company would like to install an e-commerce
BF>> web-server based on Lotus Domino 5.0. Does anybody have concerns
BF>> about the vulnerability of Notes/Domino regarding this purpose?

ME> Any special reason? or is that the only thing they are able to
ME> install/configure/maintain?

Lotus Domino/Notes version 4.6x and 5 is secure.
ME> That's an odd thing to say, not entirely true -- by definition.
Notes passwords are stored in the NAB which can be secured with encryption.
ME> Wow, what kind? prop.? let's hope it's not a simple xor :)
Be sure to change the default ACL access on the Domino configuration dB and the Web Admin dB to NO ACCESS
ME> Be sure to use a free, well audited, web daemon, apache is a good
ME> choice, and besides, why use a beast such as Domino as an e-commerce
ME> server? security aside, can it take the load?

BF>> face. Is there anybody who can confirm this? If so, is there
BF>> anybody who knows whether I can suppress this kind of hacking
BF>> with a firewall?

ME> Firewall is a broad concept, what will best suit you here is a proxy kind
ME> of firewall, which inspects the web traffic (in your case).
ME> besides, even the "best" firewall will give you nearly nothing when
ME> improperly configured.

ME> Marc Esipovich.
ME> ---
ME> root is only a few clicks away...