Skip to main content
This forum is closed to new posts and responses. New discussions are now taking place in the IBM Developer Answers forum.
Information Mgmt
New to Lotus
How to buy
Live demos
Technical library
Forums & community
Java™ technology
Open source
SOA and Web services
Web development
My developerWorks
About dW
Submit content

developerWorks  >  Lotus  >  Forums & community  >  Notes/Domino 6 and 7 Forum

Notes/Domino 6 and 7 Forum



PreviousPrevious NextNext

RE: Security flaw-accessing other people's databases
Paul K Smerdon 14.Feb.07 03:04 PM a Web browser
Domino Everyplace All Releases All Platforms

Sounds like whoever is doing the Notes Administration at your company needs to take "Admin 101" to learn basic security practices.

1) To prevent other users from opening and reading other's mail use the ACL. Check the access level of -Default-. This is typicallt set to No Access.

2) The machine names written to this field are the machines the users logged onto their home mail server with. I'm not usre how oftne this is recorded or how long a machine name will saty there if it's not used. My guess is this is updated daily when StatLog runs but I don't know for sure. May be updated by Dynamic Client Config process also.

3) No logs for this. I would recommend getting the ID's out of the Domino Directory and storing them in a secured folder on the network or in an Encrypted database within Lotus Notes. Check out ID Manager from Help Software.

4) The server log (log.nsf) keeps track of user access for servers and databases. There's also an activity log in each database. But if someone is using someone else's ID there is no way to know who is using it. It is assumed that each user guards there own ID and does not share their password with anyone. Which leads me to a question: when you saved an ID to your PC and switched to it in Lotus Notes were you prompted for a password? If not I could see this as a major security flaw. The person creating the IDs has the password quality set to "0".

I'd say it might be a good idea to bring in a consultant to evaluate your security model and make suggestions.

Security flaw-accessing other peopl... (Marcus Trendar 14.Feb.07)
. . RE: Security flaw-accessing other p... (Jean-Yves River... 14.Feb.07)
. . RE: Security flaw-accessing other p... (Tom Kuczek 14.Feb.07)
. . RE: Security flaw-accessing other p... (Paul K Smerdon 14.Feb.07)
. . RE: Security flaw-accessing other p... (Marcus Trendar 14.Feb.07)

Document Options

  Document options
Print this pagePrint this page

Search this forum

Forum views and search

  Forum views and search
Date (threaded)
Date (flat)
With excerpt
Advanced search

Member Tools

RSS Feeds

 RSS feedsRSS
All forum posts RSS
All main topics RSS
More Lotus RSS feeds


Forum use and etiquette
Native Notes Access
Web site Feedback

Lotus Support

 Lotus Support
IBM Support Portal - Lotus software
Lotus Support documents
Lotus support by product
Lotus support downloads
Lotus support RSS feeds


IBM Composite Applications
IBM Mashup Center
IBM Connections
IBM Connections Cloud Developers
IBM Docs
IBM Forms
IBM Mobile Connect
IBM Sametime
IBM SmartCloud for Social Business
IBM Web Experience Factory
Lotus Domino
Lotus Domino Designer
Lotus Expeditor
Lotus Foundations
Lotus iNotes
Lotus Instructor Community Courseware
Lotus Notes
Lotus Notes & Domino Application Development
Lotus Notes Traveler
Lotus Protector
Lotus Quickr
Lotus Symphony
IBM Web Content Manager
WebSphere Portal

Lotus Forums

 Lotus Forums
Notes/Domino 9.0
Notes/Domino 8.5 + Traveler
Notes/Domino XPages development forum
Notes/Domino 8
Notes/Domino 6 and 7
IBM Connections
IBM Mobile Connect
IBM Sametime
IBM SmartCloud Notes
Lotus Enterprise Integration
Lotus Protector
Lotus Quickr
Lotus SmartSuite