Manage Learn to apply best practices and optimize your operations.

Where to store Notes IDs

Explains location options for storing Notes IDs.

In my work as a Notes/Domino consultant, I constantly see new wrinkles on the issue of where to store Notes ID files. Some storage locations work well and are secure, while other locations lead to huge security holes. Also, some schemes make sense for one organization but not for another. So here is a review of various places to store Notes ID files, with my comments on each.

  • ID Recovery database -- A great place to hold backup copies of all Notes ID files. Every organization should use the ID recovery database. If you are not doing so now, it is easy to set up. All new IDs will automatically be stored in the Recovery database and you can also "catch up" by adding existing IDs easily. The Recovery database is extremely secure, since you can specify that two (or more) people must work together to retrieve an ID from the database. For more information see the Domino Administration Help database.

  • Domino Directory (names.nsf) -- This is the default location for newly created ID files and many organizations use it for backup copies of IDs. In my opinion, putting IDs in the Directory is only a good idea on one condition: if the initial passwords for the IDs are unique and of very high quality. Otherwise, you are inviting everyone in the organization to detach someone else's ID and guess the password. For a high-security installation, Notes ID files should never be stored in the Directory.

  • Shared drive on the network -- Notes ID files in a shared network drive can be used as both backup storage for IDs and/or as the primary storage for "live" ID files. In the latter case, the network drive is the location of each person's ID that his or her NOTES.INI points to. My opinion about storing IDs on network drives is similar to my thoughts about using the Domino Directory. If you use a network drive, the IDs better have unique, high-quality passwords. And if you want a really secure environment, don't use network drives at all for ID files.

  • Local disk of personal computer -- This is the standard location for the active Notes ID files in most organizations. This scheme has the advantage that another person can access your ID file only by walking into your office and sitting down at your computer. (I am ignoring system administrators who may be able to map to your C: drive.) If all the offices have locks, this method makes Notes ID files even more secure.

  • Diskette -- For computing environments with high security requirements, this is my preferred method. People keep their Notes ID file on a diskette, which they keep with them at all times. If the only other location for ID files is the Recovery database, this scheme is extremely secure. To be very strict, you can write a security policy that makes each person responsible for all use of his or her ID. If someone else does something wrong with an ID, it is the owner's fault for not protecting the ID. (Of course, this policy would have to be communicated clearly and enforced fairly.) And even with IDs on diskettes, high-quality unique passwords are still a requirement.
Next month I will look at storage of certifier IDs. Feel free to send me an e-mail now letting me know how your organization handles certifier IDs, to strike a compromise between security and convenience. I will include your comments in my article. If you know about other methods for storing IDs that are not listed above, please let me know that also.


Chuck Connell is president of CHC-3 Consulting, which helps organizations with all aspects of Domino and Notes. CHC-3 allows companies to outsource their Domino administration needs via DominoAdministration.com and runs the popular security site DominoSecurity.org.

This was last published in July 2003

Dig Deeper on Lotus Notes Domino Database Management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchWindowsServer

Search400

  • iSeries tutorials

    Search400.com's tutorials provide in-depth information on the iSeries. Our iSeries tutorials address areas you need to know about...

  • V6R1 upgrade planning checklist

    When upgrading to V6R1, make sure your software will be supported, your programs will function and the correct PTFs have been ...

  • Connecting multiple iSeries systems through DDM

    Working with databases over multiple iSeries systems can be simple when remotely connecting logical partitions with distributed ...

SearchDataCenter

SearchExchange

SearchContentManagement

Close