Configuring security for IBM® Lotus® Quickr™ involves configuring user authentication, configuring user access to the server, and performing other miscellaneous security configuration tasks.
Configuring user authentication
By default, the server uses basic name-and-password authentication to authenticate place members that connect through Web browsers or Lotus Quickr connectors. If you configure the server to connect to a user directory, there are additional methods available for authentication of external members, with the methods available dependent on whether IBM Lotus Quickr or IBM Lotus Domino controls directory services.
Configuring access to the server
A user with administrator access can control who has administrator access to the IBM Lotus Quickr server, who can create places on the server, and who has super user access to the server.
Using groups to extend membership
To set up expanded membership, use the qpconfig.xml file to enable the feature on the server, use the Site Administration link to configure the name and password to use to connect to the LDAP directory, and use qptool to enable expanded membership in a place or places.
Hiding the Log In and Log Out links
After a user logs in to a place, the interface displays the Log Out link; after the user logs out, it displays the Log In link. You can hide the Log In and Log Out links after a user logs in. You might want to do this if single sign-on is enabled on the server, or if the server is running on a public pedestal, for example, at a trade show.
Configuring browser caching for tighter security
For additional security, configure the server to clear the Internet Explorer browser cache on user logout, and to prevent caching of IBM Lotus Quickr pages in browsers.
Protecting against cross-site scripting (XSS) attacks and additional security settings
As an administrator, you can configure several security settings for your system in the qpconfig.xml file. You can configure settings to guard your server against cross-site scripting attacks. Additionally, you can predefine a set of uploadable file types and create a set of privileged users who can upload files of types other than the predefined ones.
Configuring FIPS (optional)
To make your implementation of IBM Lotus Quickr services for Lotus Domino FIPS compliant (which provides stronger protection for ID files, mail and documents, and single sign-on (SSO) configurations), you need to enable FIPS on a reverse proxy server that uses the Caching Proxy and Load Balancer Edge components included with the WebSphere Application Server. The reverse proxy server must be enabled for SSL and FIPS so that all requests to Lotus Quickr services for Domino go through the proxy.