Skip to main content
This forum is closed to new posts and responses. New discussions are now taking place in the IBM Developer Answers forum.
 
developerWorks
AIX and UNIX
Information Mgmt
Lotus
New to Lotus
Products
How to buy
Downloads
Live demos
Technical library
Training
Support
Forums & community
Events
Rational
Tivoli
WebSphere
Java™ technology
Linux
Open source
SOA and Web services
Web development
XML
My developerWorks
About dW
Submit content
Feedback



developerWorks  >  Lotus  >  Forums & community  >  IBM Lotus Notes/Domino 8.5 Forum (includes Lotus Notes Traveler)

IBM Lotus Notes/Domino 8.5 Forum (includes Lotus Notes Traveler)

Previous Next
Subject: Traveler Security Flaw?
Feedback Type: Problem
Product Area: Notes Traveler
Technical Area: Accessibility
Platform: Windows
Release: 8.5.3
Reproducible: Not attempted

I recently was notified that a couple of my Traveler users were receiving new devices. Rather than keep the Traveler database cluttered with multiple devices, I used the "Tell Traveler Delete {device} {username}" to remove the device that was no longer supposed to be used.

Today I noticed one of the deleted users, who activated his new device, apparently activated the previous devices he had been using.

Now, this might not be a problem if we were allowing everyone to activate devices, or authorized people to activate as many devices as they wanted to. However, I have the security set that each user can activate a SINGLE device, then any further devices require approval.

Have I discovered a security flaw? Is a previously activated device still considered 'approved' if that device is deleted from the server and the user re-activates it, after having activated another device (which is considered approved)?

We are wanting to allow users to activate only ONE device. We already had an allowed user attempt to activate a personal device, and the approval process caught it, asking us to allow. However, this user activated their new device, and then apparently tried to activate their previous device, and it was allowed, instead of requiring Admin Approval.

Brian


Feedback number WEBB8VHLZN created by Brian Graham on 06/22/2012

Status: Open
Comments:

Traveler Security Flaw? (Brian Graham 22.Jun.12)
. . re:Traveler Security Flaw? (Gregg Eldred 22.Jun.12)
. . . . Tell traveler security delete <devi... (Brian Graham 22.Jun.12)
. . . . . . RE: Tell traveler security delete <... (Robert S Sielke... 25.Jun.12)




Printer-friendly

Search this forum

Member Tools


RSS Feeds

 RSS feedsRSS
All forum posts RSS
All main topics RSS
More Lotus RSS feeds

Resources

 Resources
Forum use and etiquette
Native Notes Access
Web site Feedback

Lotus Support


 Lotus Support
IBM Support Portal - Lotus software
Lotus Support documents
Lotus support by product
Lotus support downloads
Lotus support RSS feeds

Wikis

 Wikis
IBM Composite Applications
IBM Mashup Center
IBM Connections
IBM Connections Cloud Developers
IBM Docs
IBM Forms
IBM Mobile Connect
IBM Sametime
IBM SmartCloud for Social Business
IBM Web Experience Factory
Lotus Domino
Lotus Domino Designer
Lotus Expeditor
Lotus Foundations
Lotus iNotes
Lotus Instructor Community Courseware
Lotus Notes
Lotus Notes & Domino Application Development
Lotus Notes Traveler
Lotus Protector
Lotus Quickr
Lotus Symphony
IBM Web Content Manager
WebSphere Portal

Lotus Forums


 Lotus Forums
Notes/Domino 9.0
Notes/Domino 8.5 + Traveler
Notes/Domino XPages development forum
Notes/Domino 8
Notes/Domino 6 and 7
IBM Connections
IBM Mobile Connect
IBM Sametime
IBM SmartCloud Notes
Lotus Enterprise Integration
Lotus Protector
Lotus Quickr
Lotus SmartSuite