Encrypted Attributes; Secure Connections; A.6 Encrypted Attributes; A.7 Secure Connections - Novell IMANAGER 2.7.3 - ADMINISTRATION Administration Manual

NOTE: Because of the way that iManager interprets and uses data, there are no known risks of
HTML-based attacks such as cross-site scripting.

A.6 Encrypted Attributes

iManager is able to securely read eDirectory 8.8 encrypted attributes. However, because of the way
it determines if an attribute is encrypted, iManager does not securely modify or delete these
encrypted attributes. The impact of this, which can result in some wire-level data exposure, can be
mitigated through normal network security practices such as the following:
Locating all iManager servers behind the firewall
Locating iManager servers physically near their associated eDirectory servers
Physically securing iManager and eDirectory servers
Requiring remote administrators to use a VPN to access iManager and eDirectory servers

A.7 Secure Connections

Although iManager leverages secure HTTP (SSL) for client communications, and secure LDAP
connections between iManager and eDirectory servers, iManager does not, with the exception of
reading encrypted attributes, utilize secure NCP connections for communications between iManager
servers and eDirectory servers.
This is also true for the NCP connection used by Mobile iManager. The impact of this, which can
result in some wire-level data exposure, can be mitigated through normal network security practices
such as the following:
Locating all iManager servers behind the firewall
Locating iManager servers physically near their associated eDirectory servers
Physically securing iManager and eDirectory servers
Requiring remote administrators to use a VPN to access iManager and eDirectory servers
NOTE: Regardless of the wire-level encryption being used, passwords are always encrypted and
protected as part of the iManager authentication process.
112 Novell iManager 2.7.3 Administration Guide