Solved

Restricting database copying and replication

Posted on 2000-04-17
Last Modified: 2013-12-18
We have a Notes database that contains "sensitive" information. Is it possible to restrict users from creating replicas or copies of this database without disrupting its replication between servers?
Question by:marios
9 Comments
 
LVL 2

Accepted Solution

by:
mchampou earned 1200 total points
ID: 2724197
Hi marios,

I don't think that you can prevent users from creating local replicas without preventing replications between servers. But the following will prevent the database from opening if a user creates a local copy.

A consultant used a snippet of code that you'll find below to make sure that nobody was able to open a local copy of the database.

First, put this in the Database Script. This code must go into the Declarations.

Declare Function NEMGetCurrentSubprogramWindow Lib "nnotesws.dll" () As Long
Declare Function NEMStopSubprogramWindow Lib "nnotesws.dll" (Byval wHandle As Long) As Integer

Then, put this code in the PostOpen event of the database script :

Dim session As New NotesSession 'The current session
Dim Db As NotesDatabase 'The current database
Dim wHandle As Long 'Window handle ... used to close the window

Set Db = session.CurrentDatabase 'Get the current database
wHandle = NEMGetCurrentSubprogramWindow() 'Get window handle...

'An empty server name means the database was opened from a local copy
If Db.Server = "" Then
     Messagebox |This application can only be used from a server copy. The current Database copy cannot be used.|
     Call NEMStopSubprogramWindow(wHandle)
End If

0
 
LVL 3

Expert Comment

by:Simon_Hendry
ID: 2724557
You should also be using server and user readers fields on all documents, i.e. each document contains a readers field that contains a list of users and another containing the list of servers that have access to the documents. This way you can set the serverreaders field to all of the servers in the replica ring and set the user readers field to only those users that have access to each document.

In this way the servers can replicate every document but the users can only replicate/copy the documents they can read.

Also, so that the user doesn't get manager access to the database when copying it locally, make sure you set "Consistent ACL across replicas" to on. Otherwise mchampou's code (which is excellent!!) could simply be removed by the user in design mode, as they would be the manager of the local replica (unless the design is hidden, of course). Also, for extremely sensitive information you should specify all your forms to be "hidden when copied to clipboard" (you can get around this, but it works for most users).
0
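An audit agent for the two settings recommended in the comment above, as an added example that is not part of the original thread: it reports whether the consistent-ACL option is on and counts documents that have no Readers item or whose Readers items do not list the replicating servers. The group name LocalDomainServers and the convention that servers are named through that group in Readers items are assumptions; names granted through Authors items or roles are not evaluated.

```lotusscript
' Added example, not from the original thread.
' Assumption: replicating servers are listed in Readers items via this group name.
Const SERVER_GROUP = "LocalDomainServers"

Sub Initialize
	Dim session As New NotesSession
	Dim db As NotesDatabase
	Dim acl As NotesACL
	Dim col As NotesDocumentCollection
	Dim doc As NotesDocument
	Dim missing As Long
	Dim noServer As Long

	Set db = session.CurrentDatabase
	Set acl = db.ACL
	' Without a consistent ACL, a local replica is not bound by the server ACL
	If Not acl.UniformAccess Then
		Print "WARNING: consistent ACL across replicas is not enforced"
	End If

	Set col = db.AllDocuments
	Set doc = col.GetFirstDocument
	While Not (doc Is Nothing)
		Select Case ReadersStatus(doc)
		Case 0
			missing = missing + 1
		Case 1
			noServer = noServer + 1
		End Select
		Set doc = col.GetNextDocument(doc)
	Wend
	Print "Documents with no Readers item: " & missing
	Print "Documents whose Readers items omit " & SERVER_GROUP & ": " & noServer
End Sub

' Returns 0 = no Readers item, 1 = Readers item present but server group absent, 2 = OK
Function ReadersStatus(doc As NotesDocument) As Integer
	ReadersStatus = 0
	Forall it In doc.Items
		If it.IsReaders Then
			If ReadersStatus = 0 Then ReadersStatus = 1
			Forall v In it.Values
				If Lcase(Cstr(v)) = Lcase(SERVER_GROUP) Then ReadersStatus = 2
			End Forall
		End If
	End Forall
End Function
```

Run it on a server replica with an ID that can read every document; documents counted in the second total will stop replicating to servers that are not otherwise named in them.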
 
LVL 1

Expert Comment

by:sk5t
ID: 2730845
These ideas have some utility, but none is a secure solution.  (For example, a talented user could make a local copy of a database, then replace its design with another template to remove any 'security' in the PostOpen event.)  

Remember, in general, meaningful security is structured (more or less) as:

Network -> Server -> Database -> Document -> Field.

The only viable Document-level protection is a $Readers field.  And field-level protection == encryption.
0

 
LVL 63

Expert Comment

by:SysExpert
ID: 2733245
If all you are worried about is local replication, then do not give anybody but the administrator access above reader or author. This will prevent anybody from creating a local copy, but will not affect replications. If you are talking about people who require higher access (design or Admin), then you will have to go to document or field level protection.
I hope this helps.
0
 
 
LVL 1

Expert Comment

by:sk5t
ID: 2734885
Reader access is sufficient to create a local copy of a database.  I'd hate to think what happens if one configures 'security' believing otherwise.
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 2736077
Whoops, sk5t is right. I have been working on servers for so long that I forgot that any user with read or above can create a local database.
Another solution is to use local encryption on the Server using the server ID.
When it is replicated locally, no one who does not have the Server ID will be able to access the database.
I hope this helps !!
0
 

Author Comment

by:marios
ID: 2739810
Thanks, that's a good tip, although not a solution. Does it work both under Win98 and NT?
0
 

Expert Comment

by:kkshum
ID: 12621740
I think it's a good idea, but how do you set local encryption on the Server using the server ID?
0
