User guide

Chapter 1: Security Risks
Password Encryption
When a client requests an entry search from Smart Repository, the password included in an entry
can be retrieved in the form of an encrypted password string, using a method other than the original
encryption method for user password encryption. Password encryption is a good way of protecting
against the threat of password decryption.
Communication Data Encryption
When a client requests an operation from Smart Repository, DNs, authentication information
(passwords), and other communication data are used without being encrypted in the initial settings. The
same applies to communication between a master and slave when the replication function is used.
SSL communication is used to encrypt communication data on a communication path. SSL encryption
is a good measure for countering the threats of password decryption and theft even if communication
eavesdropping occurs.
For details on SSL communication, refer to "Method for Using SSL in Smart Repository."
Periodic Change of Passwords
It is possible that a password could be guessed or decoded by a malicious person (or computer) on the
communication path. It is recommended that users observe the registration and operation rules for
passwords used in user authentication.
A specific example of password registration rules:
- Use a password that is difficult to guess.
- Use upper and lower case letters, special characters, and numeric characters together.
- Avoid using personal information (names, nicknames, telephone numbers, date of birth, and so on).
- Use eight or more characters for a password.
- Change passwords periodically. For example, change a password four times a year (every three months), and make sure that any new passwords are different from those used in the past.
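
One way to check a candidate password against the registration rules listed above, as an added example that is not part of the original guide or of Smart Repository. The function names, the PBKDF2-hashed password history, and the reading of "every three months" as 92 days are assumptions.

```python
import hashlib
import hmac
import os
import string
from datetime import date, timedelta

MIN_LENGTH = 8                 # "eight or more characters"
MAX_AGE = timedelta(days=92)   # assumption: "every three months" read as 92 days


def hash_password(password, salt=None):
    """Return (salt, digest) so past passwords are never kept in clear text."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


def check_password(password, personal_info, history):
    """Return the list of registration rules that `password` breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than eight characters")
    classes = {
        "upper case letter": string.ascii_uppercase,
        "lower case letter": string.ascii_lowercase,
        "numeric character": string.digits,
        "special character": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append("no " + name)
    lowered = password.lower()
    for item in personal_info:
        # Skip very short fragments so they do not flag every password.
        if len(item) >= 3 and item.lower() in lowered:
            problems.append("contains personal information")
            break
    for salt, digest in history:
        # Re-hash with each stored salt and compare in constant time.
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            problems.append("same as a past password")
            break
    return problems


def change_due(last_changed, today):
    """True when the password is older than the periodic-change interval."""
    return today - last_changed > MAX_AGE
```

An empty list from `check_password` means the candidate satisfies every rule that can be checked mechanically; "difficult to guess" still needs human judgement.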
Operation by Limited Users
As well as the threat of password decryption and theft, leaving one's seat while logged in to the
Entry Administration Tool as the Smart Repository Administrator DN can result in unauthorized operation.
An example of unauthorized operation:
- The password for an entry is altered or deleted.
To cope with such a threat, it is recommended that operation rules to limit users are established and
observed by users.
A specific example of operation rules to limit users:
- The location in which the Entry Management Tool is used is a special location where access is controlled so that only permitted persons can enter and leave.
- When leaving their desks, users must log out or quit the Entry Administration Tool.
- When leaving their desks, users must enable the lockout function of their computer monitor screens.