Skip to main content
This forum is closed to new posts and responses. New discussions are now taking place in the IBM Developer Answers forum.
 
developerWorks
AIX and UNIX
Information Mgmt
Lotus
New to Lotus
Products
How to buy
Downloads
Live demos
Technical library
Training
Support
Forums & community
Events
Rational
Tivoli
WebSphere
Java™ technology
Linux
Open source
SOA and Web services
Web development
XML
My developerWorks
About dW
Submit content
Feedback



developerWorks  >  Lotus  >  Forums & community  >  Notes/Domino 6 and 7 Forum

Notes/Domino 6 and 7 Forum

developerWorks

  

PreviousPrevious NextNext

RE: Security flaw-accessing other people's databases
Tom Kuczek 14.Feb.07 03:01 PM a Web browser
Domino Everyplace All Releases All Platforms


Marcus,

This is not a security flaw, this is a weak implementation of Lotus Domino security. Domino is very secure when implemented properly and in your case, it was not.

Being the auditor, I would come down hard on the IT group and have them find a solution for moving the ID files out of the domino directory and off of the invalid user's machines. When a user is created, the notes administrator has the ability to store the ID in the directory or store it out on the file system - your group obviously did not know how to create users properly to have a secure Domino environment.

There are no logs indicating which ID file was copied or detached from the domino directory. There are creative solutions that can be developed to fix the problem and I would ask IT to come up with a solution. There are many solutions and answers to your questions and they can be found in this forum. A login script can be executed to search the user's system for .id files and write this information out to a log file. At least you would know which users have invalid id files on their systems.

I did not mean to be negative or condescending but If your group does not have domino expertise (and it sounds like you don't), I would recommend hiring a domino consultant to resolve your issues.




Security flaw-accessing other peopl... (Marcus Trendar 14.Feb.07)
. . RE: Security flaw-accessing other p... (Jean-Yves River... 14.Feb.07)
. . RE: Security flaw-accessing other p... (Tom Kuczek 14.Feb.07)
. . RE: Security flaw-accessing other p... (Paul K Smerdon 14.Feb.07)
. . RE: Security flaw-accessing other p... (Marcus Trendar 14.Feb.07)


Document Options






  Document options
Print this pagePrint this page

Search this forum

Forum views and search


  Forum views and search
Date (threaded)
Date (flat)
With excerpt
Author
Category
Platform
Release
Advanced search

Member Tools


RSS Feeds

 RSS feedsRSS
All forum posts RSS
All main topics RSS
More Lotus RSS feeds

Resources

 Resources
Forum use and etiquette
Native Notes Access
Web site Feedback

Lotus Support

 Lotus Support
IBM Support Portal - Lotus software
Lotus Support documents
Lotus support by product
Lotus support downloads
Lotus support RSS feeds

Wikis

 Wikis
IBM Composite Applications
IBM Mashup Center
IBM Connections
IBM Connections Cloud Developers
IBM Docs
IBM Forms
IBM Mobile Connect
IBM Sametime
IBM SmartCloud for Social Business
IBM Web Experience Factory
Lotus Domino
Lotus Domino Designer
Lotus Expeditor
Lotus Foundations
Lotus iNotes
Lotus Instructor Community Courseware
Lotus Notes
Lotus Notes & Domino Application Development
Lotus Notes Traveler
Lotus Protector
Lotus Quickr
Lotus Symphony
IBM Web Content Manager
WebSphere Portal

Lotus Forums


 Lotus Forums
Notes/Domino 9.0
Notes/Domino 8.5 + Traveler
Notes/Domino XPages development forum
Notes/Domino 8
Notes/Domino 6 and 7
IBM Connections
IBM Mobile Connect
IBM Sametime
IBM SmartCloud Notes
Lotus Enterprise Integration
Lotus Protector
Lotus Quickr
Lotus SmartSuite