Archiv der Kategorie: Security

Re: Make sure that the “Names.nsf” cannot be accessed via Internet!

Because my comments are still awaiting moderation (tried two times hours ago, but no luck), I have decided to answer to this post from Milan in my blog: „Yes, it is not good that these passwords are reachable from „outside“, … Weiterlesen

Veröffentlicht unter Security | Verschlagwortet mit , | 1 Kommentar

Exchange API for Java: Allow *all* type of certificates

I had troubles accessing internal Exchange servers using the EWS Java API because of self-signed SSL certificates (and not matching host names), that’s why I created a patch which overrides the existing certificate check and allows all type of SSL … Weiterlesen

Veröffentlicht unter Exchange, Java, Security | Verschlagwortet mit , , , , , | Schreib einen Kommentar

node.js, domino-db & Docker (12): DominoDB and a big NO-NO?

Disclaimer: This is a response on Heiko’s post about his security considerations with the domino-db module. It is good to have such a discussion, and hopefully this discussion will go on. This is my personal view on this topic. If … Weiterlesen

Veröffentlicht unter Security | Verschlagwortet mit , , | 3 Kommentare

node.js, domino-db & Docker (10): Protecting Proton Keys

Before we are looking into the details how to setup a non-anynomous connection to Domino’s Proton server, I have an advice for protecting the key files required for the connection. The keys are not password protected, and this is a … Weiterlesen

Veröffentlicht unter Docker, ES6, Java Script, node.js, Security | Verschlagwortet mit , , , , , | 1 Kommentar

node.js, domino-db & Docker (8): Security

Security is a big topic when developing node.js applications. A simple helper for writing secure code is the eslint-plugin-security plugin. It checks for common mistakes during writing code, for example using the eval statement with external input, or unsafe RegEx … Weiterlesen

Veröffentlicht unter Java Script, node.js, Security | Verschlagwortet mit , | Schreib einen Kommentar kills productivity

Dear IBM, can you please remove the totally useless java policy restrictions? Especially for agents running on the server? I can’t imagine how much life time and customers money was spent during the last decades just to find a workaround … Weiterlesen

Veröffentlicht unter Java, Security | Verschlagwortet mit , , | Schreib einen Kommentar

The anatomy of a LTPA token

LTPA Token LTPA token are widely used in the IBM world for authentication between different physical machines, also known as WebSSO. There are two three types available, LTPA1, LTPA2 and a Domino format. LTPA1 and LTPA2 are commonly used with … Weiterlesen

Veröffentlicht unter Security, Server | Verschlagwortet mit , , , | 1 Kommentar

XPages & Domino JNA

Karsten Lehmann has published a very promising project named „Domino JNA„, which allows access to the underlying IBM Domino/Notes C API from Java. If you want to use the project in a XPages, you have to add some Java permissions … Weiterlesen

Veröffentlicht unter Java, Security, Server, XPages | 1 Kommentar

REST & Security: Why HTTP GET is insecure (and the other methods too)

Yesterday René commented that submitting username and password with HTTP GET is insecure, because they are submitted in clear text over the wire as part of the URI. At the first moment, I did not give some thought about it, because it is known … Weiterlesen

Veröffentlicht unter REST, Security, Server, Web | Verschlagwortet mit , , , | 2 Kommentare

REST & Security: More about the DominoStatelessTokenServlet

During the last days I have refined the DominoStatelessTokenServlet a little bit. It is now a pre-beta release, and I think it is time to explain some details about it. While it is still a proof-of-concept, it demonstrates how a … Weiterlesen

Veröffentlicht unter Allgemein, Java, REST, Security, Web | Verschlagwortet mit , , , , , , , , | 12 Kommentare