Home
Securing your data
IBM® Notes® security enables you to protect your workspace and data at all times, so only you and the people you designate have access to your data.
Restricting access to local databases
When you enable encryption for a local database, IBM® Notes® encrypts the database using your public key from your User ID. You are the only one who can then decrypt the database because you have the corresponding private key in your User ID. Nobody else's User ID can open the database.

Securing your data
IBM® Notes® security enables you to protect your workspace and data at all times, so only you and the people you designate have access to your data.
- Your Notes User ID and how to store it
- Changing passwords
  Passwords prevent others from using your User ID. When your administrator creates your User ID, he or she decides whether it needs a password, and what type of password is required. Once you access IBM® Notes® for the first time, you should change your password to something that you can remember but is hard for others to guess.
- Using Notes shared login to eliminate Notes password prompts
  Notes® shared login (hereafter shared login) allows you to start IBM® Notes and use your User ID without having to provide a Notes password. You only need to log in to Microsoft® Windows® using your Windows password. Your administrator controls whether you can use shared login.
- Locking the Notes ID
  Locking your IBM® Notes® ID prevents others from using Notes when you are away from your computer. Locking your ID clears your Notes credentials and drops all connections to Notes servers. You must log in again in order to take any new action using Notes.
- Enabling Smartcards for Notes® login
  Smartcards resemble credit cards, but instead of containing a magnetic strip they contain a microprocessor and memory. You can use a Smartcard with your User ID to login to IBM® Notes®, provided you have a Smartcard reader installed on your computer. Once your User ID is enabled for Smartcard login, you are prompted for your Smartcard Personal Identification Number (PIN) in place of your Notes password.
- Requesting a new user name
  If you want to request a new User Name - for example, if you got married and you want to change your name - you must contact your administrator.
- Your Notes® and Internet names
  You can view all the names that identify you in Notes®.
- Sending mail to your administrator
- Accessing servers using certificates
  A certificate is an electronic stamp, like a stamp on a passport, which verifies to a server that you are who you say you are. Certificates are stored in your User ID. When you first receive your User ID from your administrator, it contains a Notes® certificate. You may decide to use Internet certificates as well. (You may see Internet certificates being referred to as X.509 certificates.)
- The Access Control List
  Every database includes an access control list (ACL), which IBM® Notes® uses to determine the level of access users and servers have to a database. Levels assigned to users determine the tasks that users can perform on a database. Levels assigned to servers determine what information within the database the servers can replicate.
- Restricting access to local databases
  When you enable encryption for a local database, IBM® Notes® encrypts the database using your public key from your User ID. You are the only one who can then decrypt the database because you have the corresponding private key in your User ID. Nobody else's User ID can open the database.
- Notes data
  You can restrict access to applications you have stored locally or encrypt a document in an application.
- Preventing others from reading or viewing specific documents
  You can protect your documents, so that only you and the people you designate can read them, even if others have access to the database your documents are in.
- Encrypting documents using secret keys
  Using a secret encryption key that is stored in your User ID, you can encrypt a document that you are posting in a public database, provided the document contains fields that are encryptable.
- How Notes® uses public and private keys for encrypting and signing mail
  IBM® Notes® uses a public and private key set to encrypt and decrypt data, as well as to validate digital signatures. The public and private key in a set are mathematically related to each other and are unique to your User ID. Your public key is stored in your Notes certificate. Your certificate is stored in your User ID and the IBM Domino® Directory. Your private key is stored only in your User ID.
- Restricting execution access with the Execution Control List
  You can protect your workstation by specifying different types of execution access for different people or organizational certifiers who run IBM® Notes® scripts and formulas. For example, you may give all types of execution access to your IBM Domino® administrator, but allow no execution access to unsigned scripts or formulas.
- Securing your POP3, IMAP, or LDAP accounts
  IBM® Notes® supports Secure Sockets Layer (SSL), which makes communication secure for your POP3, IMAP, or LDAP accounts. SSL encrypts the data that is sent between your Notes client and the server you specify for your account. Notes supports SSL versions 2.0 and 3.0. By default, Notes negotiates the best SSL version to use with a particular server.
- Signed plug-ins
  Your administrator may have selected plug-ins to be installed automatically with your client software. These plug-ins are signed with a certificate that is trusted by your client, and verified that the data they contain is not corrupted. Plug-ins signed in this way can then be installed without having to prompt you to accept them.

Restricting access to local databases

When you enable encryption for a local database, IBM® Notes® encrypts the database using your public key from your User ID. You are the only one who can then decrypt the database because you have the corresponding private key in your User ID. Nobody else's User ID can open the database.

About this task

Note: If you use a disk compression utility, databases using medium or strong encryption will not use significantly less disk space.

Results

To specify default local database encryption settings

About this task

Perform the following steps to specify the default encryption setting for new local databases. You can change the setting for a specific database.

Procedure

Click File > Security > User Security (Macintosh OS X users: Notes > Security > User Security).
Click Notes Data > Databases.
Select one of the following options:
- To turn off encryption for new local databases, select Do not locally encrypt.
- To enable encryption for new local databases, select one of the following options:
  Simple encryption You can change to a different level when you create a local database.
  Medium encryption You can change to a different level when you create a local database.
  Strong encryption (Recommended) Once selected, this is the only level of encryption available.

Results

To encrypt existing local databases

About this task

Procedure

Open the local database.
Click File > Application > Properties> Encryption Settings.
Select Locally encrypt this database using and select an encryption level. Strong is recommended and may be the only encryption level available.
Optional: By default, your User ID is listed as the only User ID that can open the database when encrypted. If you would rather give a different person access to the database, click "For," then choose an address book and person from the "Select name" dialog box.

CAUTION: If you choose a different user to have access to the database, you will lose your access to the database.

Results

Note: You may need to compact the database in order to fully remove the previous encryption settings.