Dimensions CM uses AES128 encryption to protect sensitive data such as passwords in network protocol messages and database tables.
During authentication, the client encrypts the user’s login credentials using the AES128 algorithm with a randomly generated 128-bit key and sends them to the Dimensions CM server.
If you need a stronger encryption policy, Dimensions CM also supports the AES256 algorithm. For details, see the section about encrypting usernames and passwords in Administration.
Note: If further security is required, we recommend enabling SSDP to encrypt all traffic. For details, see Network protocols.
Passwords for key user accounts are stored on the Dimensions CM server on the file system, in the dfs/registry.dat file located under your server installation root folder. On UNIX, to ensure that the passwords are secure, they are owned by root and readable only by root. On Windows, you can secure these files after the installation of Dimensions CM.
The credentials are also protected by encryption technology. The usernames and passwords are encrypted using the AES128 algorithm.
Use the dmpasswd utility to manage accounts stored in the dfs/registry.dat file.
The stored accounts include:
| Account | Description |
|---|---|
| Dimensions pool owner | The application server processes running on the server are all owned by default by a single user account (the pool owner). The pool manager process (dmpool.exe) needs to know the password for this user to start these application server processes. |
| | Each Dimensions CM base database is a database schema. The schema username and password are stored to allow Dimensions CM to connect to the schema. |
| LDAP bind user | If you have configured Dimensions CM to use Lightweight Directory Access Protocol (LDAP) and are using a specific user account for performing searches on the LDAP directory, their DN and password must be stored in this file. |
| Deployment area credentials | If the Dimensions CM administrator has entered user credentials for a deployment area in the administration console, these are also stored using the same encryption scheme. |
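The UNIX file protection described above for dfs/registry.dat can be verified with a short audit script. This is an added example, not part of the Dimensions CM product or its documentation; the function name `check_registry_perms` and the placeholder path are assumptions.

```shell
#!/bin/sh
# Added example: audit owner and mode of the Dimensions CM credential store.
# Usage: check_registry_perms FILE [OWNER]   (OWNER: name or numeric uid, default root)
# Returns 0 if the file passes, 1 if any finding is reported, 2 on usage error.
check_registry_perms() {
    file=$1
    owner=${2:-root}
    rc=0
    [ -n "$file" ] || { echo "usage: check_registry_perms FILE [OWNER]" >&2; return 2; }

    # A symlink could redirect the server to a file with weaker protection.
    if [ -L "$file" ]; then echo "FAIL: $file is a symbolic link"; return 1; fi
    if [ ! -f "$file" ]; then echo "FAIL: $file is not a regular file"; return 1; fi

    # Resolve the expected owner to a numeric uid.
    case $owner in
        *[!0-9]*) want_uid=$(id -u "$owner" 2>/dev/null) ||
                      { echo "FAIL: no such account: $owner"; return 1; } ;;
        *)        want_uid=$owner ;;
    esac

    # ls -ln fields: mode string, link count, numeric uid, numeric gid, ...
    listing=$(ls -lnd -- "$file") || return 1
    mode=$(printf '%s\n' "$listing" | awk '{print $1}')
    uid=$(printf '%s\n' "$listing" | awk '{print $3}')

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: owner uid is $uid, expected $want_uid ($owner)"; rc=1
    fi
    # Characters 5-10 of the mode string are the group and other permission bits.
    if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
        echo "FAIL: group/other access present: $mode"; rc=1
    fi
    # A trailing '+' means an ACL exists that the mode bits do not show.
    case $mode in
        *+) echo "FAIL: ACL present on $file; review it with getfacl"; rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: $file is owned by uid $uid with mode $mode"
    return "$rc"
}

# Path below is a placeholder for your server installation root:
# check_registry_perms /path/to/dimensions/dfs/registry.dat
```

Run it as root after installation and after any restore from backup, since restored files can come back with different ownership or mode.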
You can use the web client and Administration Console over the industry standard HTTPS protocol to encrypt all communication between the browser and the Web Application Container using SSL/TLS.
When using LDAP to authenticate user credentials, Dimensions CM supports LDAP over an SSL tunnel and LDAP with StartTLS extensions. Both of these security mechanisms encrypt the LDAP communication using strong SSL/TLS encryption. Not all LDAP servers support both secure protocols.