This forum is closed to new posts and responses. New discussions are now taking place in the IBM Developer Answers forum.

Notes/Domino 6 and 7 Forum




Marcus Trendar 14.Feb.07 02:50 PM a Web browser
Domino Everyplace All Releases All Platforms


I work as an internal auditor at a mid-sized (around 600 employee) company. Currently, I am auditing the IT department. During auditing I figured out that anyone can access other people’s mailboxes and open them/view them. (We use Lotus Notes 6.)

At the server I found the Company’s Domino Directory / Address book directory database or whatever it is called. (FOR YOU TO UNDERSTAND WHAT KIND OF DATABASE THAT IS: when the admin cut off my access to that database my address book didn’t work. An “access is forbidden” message came up.) I clicked on some person’s name and a new window opened, showing the database’s properties. The UserID of the person was there too. I copied it to my C drive, and following the steps (switch user id/open database) I opened the person’s database and viewed them.

As a curious internal auditor I checked some other people’s databases and saw this:

At the administration tab of someone’s database properties there is a “client Information” area which includes “notes client machine”. In some people’s databases, 3-4 computers’ names were written in that area, some of which are not that person’s computer.

My questions are:

1. How can my IT department fix this problem? (I told them to copy the COMPANY’s DOMINO DIRECTORY without IDs and delete the old one... they said there will be chaos.)
2. At the “notes client machine” area, what do the computer names written there mean? (Are those the ones who opened that database?)
3. Are there any logs showing who copied the IDs to their computers?
4. Are there any logs to see who accessed whose database with the UserID they copied?

I will be more than pleased if you can inform me on this.

Thanks in advance.
Marcus T.

Security flaw-accessing other peopl... (Marcus Trendar 14.Feb.07)
. . RE: Security flaw-accessing other p... (Jean-Yves River... 14.Feb.07)
. . RE: Security flaw-accessing other p... (Tom Kuczek 14.Feb.07)
. . RE: Security flaw-accessing other p... (Paul K Smerdon 14.Feb.07)
. . RE: Security flaw-accessing other p... (Marcus Trendar 14.Feb.07)
