Dimensions CM encrypts passwords using Blowfish encryption.
During authentication, the client encrypts the user’s login credentials using Blowfish encryption with a randomly generated 64-bit key and sends them to the Dimensions CM server. The encryption protects sensitive data from being discovered using a network packet sniffer.
Note: If further security is required, we recommend enabling SSDP to encrypt all traffic. For details, see Network protocols.
Passwords for key user accounts are stored on the Dimensions CM server on the file system, in the dfs/registry.dat file located under your server installation root folder. On UNIX, to ensure that the passwords are secure, they are owned and only readable by root. On Windows, you can secure these files after the installation of Dimensions CM.
The credentials are also protected by encryption technology. The usernames and passwords are encrypted using the AES128 encryption algorithm, but you can use AES256 if required.
Use the dmpasswd utility to manage accounts stored in the dfs/registry.dat file.
The stored accounts include:
| Account | Description |
|---|---|
| Dimensions pool owner | The application server processes running on the server are all owned by default by a single user account (the pool owner). The pool manager process (dmpool.exe) needs to know the password for this user to start these application server processes. |
| Database schema | Each Dimensions CM base database is a database schema. The schema username and password are stored to allow Dimensions CM to connect to the schema. |
| LDAP bind user | If you have configured Dimensions CM to use Lightweight Directory Access Protocol (LDAP) and are using a specific user account for performing searches on the LDAP directory, their DN and password must be stored in this file. |
| Deployment area credentials | If the Dimensions CM administrator has entered user credentials for a deployment area in the administration console, these are also stored using the same encryption scheme. |
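The UNIX ownership and permission state described above for dfs/registry.dat can be checked with a short script. This is an added example, not part of the Dimensions CM product or its documentation; the script name, the function name and the way the installation root is passed in are assumptions.

```python
import os
import stat
import sys

# Relative path taken from the documentation; the install root is site-specific.
REGISTRY_RELPATH = os.path.join("dfs", "registry.dat")


def audit_registry(install_root, expected_uid=0):
    """Return a list of findings for <install_root>/dfs/registry.dat.

    An empty list means the file is a regular file owned by expected_uid
    (root by default) with no group or other permission bits set.
    """
    path = os.path.join(install_root, REGISTRY_RELPATH)
    try:
        # lstat() so a symlink standing in for the file is reported, not followed
        st = os.lstat(path)
    except OSError as exc:
        return [f"{path}: cannot stat ({exc.strerror})"]
    if not stat.S_ISREG(st.st_mode):
        return [f"{path}: not a regular file"]

    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid != expected_uid:
        findings.append(f"{path}: owner uid is {st.st_uid}, expected {expected_uid}")
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path}: mode {mode:04o} grants group/other access")
    return findings


if __name__ == "__main__":
    # Hypothetical usage: python3 audit_registry.py <server installation root>
    if len(sys.argv) != 2:
        sys.exit("usage: audit_registry.py <server installation root>")
    problems = audit_registry(sys.argv[1])
    for line in problems:
        print(line)
    sys.exit(1 if problems else 0)
```

The script exits non-zero when it reports a finding, so it can run from a scheduled job or a configuration-compliance check.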
You can use the web client and Administration Console over the industry standard HTTPS protocol to encrypt all communication between the browser and the Web Application Container using SSL/TLS.
When using LDAP to authenticate user credentials, Dimensions CM supports LDAP over an SSL tunnel and LDAP with StartTLS extensions. Both of these security mechanisms encrypt the LDAP communication using strong SSL/TLS encryption. Not all LDAP servers support both secure protocols.