We have a high amount of user and I need to update the password and the current process is going to Administration manager, then search for the user and change the password, so I want to know if there is a way to do it on a batch using a script that call an external file to get the password and user that I need to change I mean like having a list and then export it to spotfire
unfortunately I can't find a way to batch update users in Spotfire Server. if you needed to import a bunch of new users, you could use the command line interface, but it doesn't look like the import-users command will "overwrite" existing users (it should report an error when trying to add a new user who already exists).
I believe the password field in the Spotfire database is Base64 encoded, so you could theoretically run a database update query but this is really dangerous and may wreck your database. if you try anything like this, be sure to work in a test environment and be doubly sure that you have backups!
my recommendation is to use something like LDAP. the Spotfire database is not really designed to administer large number of users, or at least it doesn't seem that way from an administrator's perspective.
Related
how can I make a login form that will remember the user so that he does not have to log in next time.
Some more information would be nice but if you want to use a database for this then you would have to create a entry for the user information last entered.
And then on reopening the programm you would check if there are any entrys and if yes load it.
But I think that writing the login information to a file on you pc would be a lot easier. So you run the steps from above just writing to a file instead of a database.
I am not sure how you would make this secure because you can't really encrypt the password because you would need a password or key of some type and that password or key would be easy to find in the source code especially in python. It would be harder to find in other compiler based programming languages but also somewhere. And if you would use a database you would have a password for that but that would also lay on the hardrive if not encrypted otherwise but there we are where we started.
So as mentioned above a database would be quite useless for a task like this because it doesn't improve anything and is a hassle for beginners to setup.
Is there a way to programmatically import a user's notes id into their mail database using lotusscript? I'm trying to automate the manual process of Notes ID management for secure mail feature in IBM Domino Security Preferences.
Thanks for your feedback!
Usually the ID file is on the local user drive. So you cannot access it centrally. If it is on a network drive, e.g. within the user sub-directory, then of course you'll be able to get and process it.
So, two scenarios:
On network drive:
- go over all drives, search the ids and attach it to the corresponding mailbox. However, it might be complicated to determine which network drive belong to which Domino user. Also one user might have multiple id files. This could become very complicated!
On local drive:
- you might want to perform the actions quite easy by running a LotusScript by the user, e.g. by sending a button that the user has to press. When the user is doing it, it is clear which id file is currently in use and the code will have access to it (because the user is currently using it). However, this solution relies on the user ability to press the button.
I am currently working on a java search project that will be distributed to the clients' local server, the project contains some valuable data that we hope it cannot be accessed directly on the machine, but can only be accessed from the project services/apis. The data will be updated on a daily basis and need to be avaliable for query 24/7.
I am thinking of eCryptFs, but after some test, it seems that once the encrypted data is mounted under the service user, say 'root1', as I have to keep the encrypted data in the mounted state to support query, all the other login users can access the de-crypted data without password. Is there anyway to support my scenario? Thanks.
If your users don't have root access, you can simply store the encryption key in a file and deny read access to other users.
If your users do have root access, there is nothing you can do.
EDIT:
Under most circumstances, someone with root account can do anything that the other users can do. So, even if you did get per user r/w permissions on a file but only for a certain user (which is very possible), it would be rather pointless. (Someone with sudo/root access could just run sudo su USER, where USER is the account with the r/w permissions. I think a better way to go about this is to look at options that users do not have control over.
The first thing that came to mind was compiled programs. While they are not really meant for holding secure information, you could compile a simple program to output a little bit of the information after a time delay (to prevent them from just running it continuously and then compiling all of the data they get from it.) Actually, modifying your Java program might be easier; just have it store the information as an enormous string or something. :D
These open source Java obfuscators will make it harder (but certainly not impossible) to reverse engineer your program and, along with it, the data inside.
A more secure option would be to write a C program, compile it, and have it output information (after a time delay) that the JAVA file can then manage. In order to make it harder to decompile, you could add some encryption methods to the string so if the Decompiler messes up on any part of it, it's still worthless information to them.
Final verdict: Nothing is really 100% secure when it is stored on someone else's computer(s) but, then again, neither is it 100% secure on your own server. I would suggest looking into other options, but if you have no other option and you have legal protection on the information, this might work for you.
I've always wonder what security mechanisms are there to prevent an employee (dba, developer, manager, etc.) from modifying users' data. Let say a user has a Facebook account. Knowing who database works, I know that at least two employees in that company would have root access to it. So my question is what if such employee decides to alter someone's profile, insert bad or misleading comments, etc.?
Any input is appreciated. Thanks.
If a person has full write access to a database, there is nothing preventing them from writing to that database. A user who has unrestricted access to Facebook's database engine has nothing other than company policy to prevent them from altering that data.
Company policy and personal honor are usually good enough. In the end, though, there's always that risk; a Google employee was fired in July for reading users' private account data. In short, the people who write software for a system can make that system do whatever they like, and there is absolutely no way to prevent this; people who can read a source of data can read that source of data, and people who can edit it can edit it. There is no theoretical way to prevent this from being the case.
In short, all that can be done is to have more than one person watching the database, and fire people who try to damage it. As a user, all you can do is trust the company that controls the data.
This is a user access control problem. You should limit who has DBA access. You should limit what code developers have access to, such as only the projects that they need to do their job.
An after thought is to keep backups and logs. If someone does change a record in the database you should have a system in place to identify and fix the problem.
I'm installing third party software that must read from HKEY_CURRENT_USER\SOFTWARE... using inno-setup.
I need to write this value to all users, how can I do it?
As 0xA3 says, you cannot. One of the major reasons is Roaming Profiles. Basically, the profile data for a particular user may not even be present on the machine, at this time, or it may be a stale copy.
If you need a setting that applies to all users, then obvious HKEY_LOCAL_MACHINE would be preferred. If you need a setting that will be the default for all users, then store that default in HKEY_LOCAL_MACHINE, and copy it into a users profile if they don't currently have a valud there.
Basically you can't do this (in a simple and supported manner). To do this, all user hives would need to be loaded and that is not necessarily the case for all users.
You can write to the default profile under HKEY_USERS\.DEFAULT which will affect all new user profiles, or you can write to the machine hive under HKEY_LOCAL_MACHINE.
Probably the preferred option would be to run the setup separately for every user, e.g. as part of a logon script.
You might consider on app run, looking for current user keys and if not found, message for a repair reg that would add keys to the current user. I have a similar situation and that's what I do.
HKEY_CURRENT_USER is just a pointer to: HKEY_USERS\ Security ID (SID) so if you really wanted to do this then you could iterate over all HKEY_USERS (however this only includes users currently logged on to the system).
A better solution might be to check in your app whether the settings have been setup for HKEY_CURRENT_USER and if not copy from a HKEY_LOCAL_MACHINE. In this way your app will handle new users added after installation.