Setting Field Access: Using Encryption

Encryption is a means of protecting data from unauthorized access. Field encryption protects the information within a specific field and only users that have been given the key to decrypt the information can see the data stored in an encrypted field. Although field encryption is considered true security when used through a Notes client, through the Web it does not work. Field encryption is controlled through an Encryption Key that is created and stored in a Notes ID. Web users do not use a Notes ID to authenticate, so are not able to encrypt or decrypt a field.

When a document is created in a Notes client with an encrypted field, a Web user cannot see the value of that field. If the same document is created from a Web client, however, the field is not only seen and populated, it is not encrypted.

Readers and Authors type fields do work on the Web. If you created a document that contained a populated Readers field, a Web user would not be able to see that document. The only way a Web user would be able to access a document in this situation would be If the Readers field was populated with the word Anonymous. If the Web user authenticated and the Readers field was populated with that authenticated name. Even though Reader and Author type fields are not listed in the TOC, they play an important part in security and are referenced in the exam.