CODEWITHSUNDEEP
lotus-noteslotusscript
atom
atom

Reputation: 191

HTTPPassword field not encrypting

I have recently upgraded my IBM Domino server from v9.01 to v10.1. I have a LotusScript agent that creates a user in the NAB and sets the HTTPPassword field.

The code is as follows:

            docPerson.Type = "Person"
            docPerson.LastName = req.iSurname(0)
            docPerson.FirstName = req.iFirstName(0)
            docPerson.FullName = req.iFirstName(0) + " " + req.iSurname(0) + " " + req.iCompany(0)
            docPerson.MailAddress = req.iEmail(0)
            If req.IMEPassword(0) = "" Then
                req.IMEPassword = getRandom()
            End If
            docPerson.HTTPPassword = "HelloWorld" 
            docPerson.CompanyName = req.iCompany(0)

            Call docPerson.ComputeWithForm( False, False )
            Call docPerson.Save( False, True )

Since the upgrade, the HTTPPassword field is no longer hashed. It is displayed in the NAB in plain text, as per the code, where previously it was hashed (eg it was displayed like "(68A58FFF6684AFD161FD5682C152C122)".

My work around is to manually enter the password and save the record in the NAB.

The design of the NAB has been updated.

I have not found any information on how this might have changed with the upgrade. Any thoughts?

I have checked that the design on the NAB did update correctly. All design elements appear to be displaying correctly.

Upvotes: 1

Views: 910

Answers (1)

Michael Ruhnau
Michael Ruhnau

Reputation: 1399

I recommend to generate the hashed password yourself instead of using the "quick-and-dirty” computeWithForm method. Depending on your setup you can either use @Password or @HashPassword - the latter when more secure internet passwords are enabled in your domino directory. You can use this code to generate the hash: 

Dim pw As String
Dim ret As Variant
pw="HelloWorld"
ret = Evaluate(|@HashPassword(pw)|)
Print ret(0)

There is an interesting article which can be found here with more details on the matter of password hashes : http://techlab.ytria.com/6047/lotus-notes-articles/deep-dive-domino-security-part-1-understanding-ibm-domino-password-hashes/

Upvotes: 3

Related Questions