Vulnerability Development mailing list archives

Re: Notes Domino Server Platform for e-commerce?


From: derek () INFINET COM (Derek Reynolds)
Date: Tue, 8 Feb 2000 19:41:57 -0500


To date I have seen 0 issues with password problems and Notes/Domino.  The
Notes password is stored in an ID file.  For Inet use, the password is,
like I said, stored within a database which is encrypted in a field (64-bit
International/128-bit North American).

If you want a more robust web server, try WebSphere.  IBM's HTTPD.  A
great 'E-Commerce' webserver with tons going for it.  Check it out.

-Derek

Tuesday, February 08, 2000, 11:22:37 PM, you wrote:

BF>> some folks in my company would like to install an e-commerce
BF>> web-server based on Lotus Domino 5.0. Does anybody have concerns
BF>> about the vulnerability of Notes/Domino regarding this purpose?

ME> Any special reason? or is that the only thing they are able to
ME> install/configure/maintain?

Lotus Domino/Notes version 4.6x and 5 is secure.

ME> That's an odd thing to say, not entirely true -- by definition.


Notes passwords are stored in the NAB which can be secured with
encryption.


ME> Wow, what kind? prop.? let's hope it's not a simple xor :)

Be sure to change the default ACL access on the Domino configuration
dB and the Web Admin dB to NO ACCESS

ME> Be sure to use a free, well-audited web daemon; Apache is a good
ME> choice. Besides, why use a beast such as Domino as an e-commerce
ME> server? Security aside, can it take the load?

BF>> face. Is there anybody who can confirm this? If so, is there
BF>> anybody who knows whether I can suppress this kind of hacking
BF>> with a firewall?

ME> Firewall is a broad concept; what will best suit you here is a proxy kind
ME> of firewall, which inspects the web traffic (in your case).
ME> Besides, even the "best" firewall will give you nearly nothing when
ME> improperly configured.

ME>         Marc Esipovich.

ME> ---
ME> root is only a few clicks away...

