I have a database which has a list of users inside it with a password.
So they get authenticated using their username/password and once authenticated are prompted to enter another password (stored inside the database).
Now my problem is that the second login form is web based so I have to be able to compare the password field entered by the user and the stored value in the user’s profile. (It’s no a profile document per se just a regular document which happense to have config info on it)
Now with this approach the password is visible if I use the properties box and find the password field. It has now been requested that that password be encrypted.
I’m aware you can have a private encryption key for each user, but the users aren’t Notes based. Most of them do have a client, but they basically use the Intranet portal to access databases so the users are all web only.
My understanding is that private encryption requires the key to be added to the Notes ID, but web users don’t use the Notes ID to authenticate.
Is there a way to
1- Encrypt the field in the backend short of hiding the entire design of the database?
2- Preserve the authentication mechanism for the passwords already in place inside the database?
Luc Millette