Solved

Restricting database copying and replication

Posted on 2000-04-17
9
230 Views
Last Modified: 2013-12-18
We have a Notes database that contains "sensitive" information. Is it possible to restrict users from creating replicas or copies of this database without disrupting its replication between servers?
0
Comment
Question by:marios
9 Comments
 
LVL 2

Accepted Solution

by:
mchampou earned 300 total points
ID: 2724197
Hi marios,

I don't think that you can prevent users from creating local replicas without preventing replications between servers. But the following will prevent the database from opening if a user creates a local copy.

A consultant used a snippet of code that you'll find below to make sure that nobody was able to open a local copy of the database.

First put this in the Database Script. This code must go into the Declarations.

Declare Function NEMGetCurrentSubprogramWindow Lib "nnotesws.dll" () As Long
Declare Function NEMStopSubprogramWindow Lib "nnotesws.dll" (Byval wHandle As Long) As Integer

Then, put this code in the PostOpen event of the database script:

Dim session As New NotesSession 'The current session
Dim Db As NotesDatabase 'The current database
Dim wHandle As Long 'Window handle ... used to close the window

Set Db = session.CurrentDatabase 'Get the current database
wHandle = NEMGetCurrentSubprogramWindow() 'Get window handle...

'Db.Server is an empty string when the database is opened from a local copy
If Db.Server = "" Then
     Messagebox |This application can only be used from a server copy. The current Database copy cannot be used.|
     Call NEMStopSubprogramWindow(wHandle)
End If

0
 
LVL 3

Expert Comment

by:Simon_Hendry
ID: 2724557
You should also be using server and user readers fields on all documents, i.e. each document contains a readers field that contains a list of users and another containing the list of servers that have access to the documents. This way you can set the serverreaders field to all of the servers in the replica ring and set the user readers field to only those users that have access to each document.

In this way the servers can replicate every document but the users can only replicate/copy the documents they can read...

Also, so that the user doesn't get manager access to the database when copying it locally, make sure you set "Consistent ACL across replicas" to on. Otherwise mchampou's code (which is excellent!!) could be simply removed by the user in design mode, as they would be the manager of the local replica (unless the design is hidden, of course). Also, for extremely sensitive information you should specify all your forms to be "hidden when copied to clipboard" (you can get around this, but it works for most users).
0
 
LVL 1

Expert Comment

by:sk5t
ID: 2730845
These ideas have some utility, but none is a secure solution.  (For example, a talented user could make a local copy of a database, then replace its design with another template to remove any 'security' in the PostOpen event.)  

Remember, in general, meaningful security is structured (more or less) as:

Network -> Server -> Database -> Document -> Field.

The only viable Document-level protection is a $Readers field.  And field-level protection == encryption.
0
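The readers-field and consistent-ACL settings described in the two comments above (by Simon_Hendry and sk5t), as an added LotusScript agent that is not part of the original thread. The field names DocReaders and ServerReaders and the group SensitiveDataUsers are assumptions; LocalDomainServers is the default Domino server group and stands in here for the servers in the replica ring.

```lotusscript
' Added example, not code from the thread.
' Assumed names: items "DocReaders" and "ServerReaders", group "SensitiveDataUsers".
' Run it with an ID that is itself a member of one of the listed groups,
' otherwise the signer can no longer read the documents after the save.
Sub Initialize
	Dim session As New NotesSession
	Dim db As NotesDatabase
	Dim acl As NotesACL
	Dim col As NotesDocumentCollection
	Dim doc As NotesDocument
	Dim item As NotesItem

	Set db = session.CurrentDatabase

	' ACL setting "Enforce a consistent Access Control List across all replicas":
	' without it, the owner of a local replica is treated as Manager.
	Set acl = db.ACL
	If Not acl.UniformAccess Then
		acl.UniformAccess = True
		Call acl.Save
	End If

	Set col = db.AllDocuments
	Set doc = col.GetFirstDocument
	Do Until doc Is Nothing
		' Users who may read (and therefore replicate or copy) this document
		Set item = doc.ReplaceItemValue("DocReaders", "SensitiveDataUsers")
		item.IsReaders = True

		' Servers that must still see the document in order to replicate it
		Set item = doc.ReplaceItemValue("ServerReaders", "LocalDomainServers")
		item.IsReaders = True

		Call doc.Save(True, False)
		Set doc = col.GetNextDocument(doc)
	Loop
End Sub
```

A user outside SensitiveDataUsers who creates a local replica or copy receives none of the stamped documents, while server-to-server replication continues through the ServerReaders item.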
 
LVL 63

Expert Comment

by:SysExpert
ID: 2733245
If all you are worried about is local replication, then do not give anybody but the administrator access above reader or author. This will prevent anybody from creating a local copy, but will not affect replications. If you are talking about people who require higher access (design or Admin), then you will have to go to document or field level protection.
I hope this helps.
0
 
LVL 1

Expert Comment

by:sk5t
ID: 2734885
Reader access is sufficient to create a local copy of a database.  I'd hate to think what happens if one configures 'security' believing otherwise.
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 2736077
Whoops, sk5t is right. I have been working on servers for so long that I forgot that any user with read or above can create a local database.
Another solution is to use local encryption on the Server using the server ID.
When it is replicated locally, no one who does not have the Server ID will be able to access the database.
I hope this helps !!
0
 

Author Comment

by:marios
ID: 2739810
Thanks, that's a good tip, although not a solution. Does it work both under Win98 and NT?
0
 

Expert Comment

by:kkshum
ID: 12621740
I think it's a good idea, but how do you set local encryption on the server using the server ID?
0
