Solved

Restricting database copying and replication

Posted on 2000-04-17
Last Modified: 2013-12-18
We have a Notes database that contains "sensitive" information. Is it possible to restrict users from creating replicas or copies of this database without disrupting its replication between servers?
Question by:marios
9 Comments
 
LVL 2

Accepted Solution

by:
mchampou earned 300 total points
ID: 2724197
Hi marios,

I don't think that you can prevent users from creating local replicas without preventing replications between servers. But the following will prevent the database from opening if a user creates a local copy.

A consultant used a snippet of code that you'll find below to make sure that nobody was able to open a local copy of the database.

First put this in the Database Script. This code must go into the Declarations.

Declare Function NEMGetCurrentSubprogramWindow Lib "nnotesws.dll" () As Long
Declare Function NEMStopSubprogramWindow Lib "nnotesws.dll" (Byval wHandle As Long) As Integer

Then, put this code in the PostOpen event of the database script :

Dim session As New NotesSession 'The current session
Dim Db As NotesDatabase 'The current database
Dim wHandle As Long 'Window handle ... used to close the window

Set Db = session.CurrentDatabase 'Get the current database
wHandle = NEMGetCurrentSubprogramWindow 'Get window handle...

'Db.Server is an empty string when the database is opened from a local copy
If Db.Server = "" Then
     Messagebox |This application can only be used from a server copy. The current Database copy cannot be used.|
     Call NEMStopSubprogramWindow(wHandle)
End If

0
 
LVL 3

Expert Comment

by:Simon_Hendry
ID: 2724557
You should also be using server and user readers fields on all documents, i.e. each document contains a readers field that contains a list of users and another containing the list of servers that have access to the documents. This way you can set the serverreaders field to all of the servers in the replica ring and set the user readers field to only those users that have access to each document.

In this way the servers can replicate every document but the users can only replicate/copy the documents they can read.

Also, so that the user doesn't get manager access to the database when copying it locally, make sure you set "Consistent ACL across replicas" to on. Otherwise mchampou's code (which is excellent!!) could be simply removed by the user in design mode, as they would be the manager of the local replica (unless the design is hidden, of course). Also, for extremely sensitive information you should specify all your forms to be "hidden when copied to clipboard" (you can get around this but it works for most users).
0
 
LVL 1

Expert Comment

by:sk5t
ID: 2730845
These ideas have some utility, but none is a secure solution.  (For example, a talented user could make a local copy of a database, then replace its design with another template to remove any 'security' in the PostOpen event.)  

Remember, in general, meaningful security is structured (more or less) as:

Network -> Server -> Database -> Document -> Field.

The only viable Document-level protection is a $Readers field.  And field-level protection == encryption.
0
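
Added example, not code posted by anyone in this thread: a LotusScript agent sketching the Readers-field approach Simon_Hendry describes and sk5t singles out as the only viable document-level protection, together with the consistent-ACL setting. The item names ServerReaders and UserReaders and all server, user and role names are constructed placeholders; the agent is assumed to run under an ID with Manager access.

```lotusscript
Option Declare

' Assumed item names (hypothetical, not from the thread).
Const SERVER_READERS_ITEM = "ServerReaders"
Const USER_READERS_ITEM = "UserReaders"

Sub Initialize
	Dim session As New NotesSession
	Dim db As NotesDatabase
	Dim acl As NotesACL
	Dim col As NotesDocumentCollection
	Dim doc As NotesDocument
	Dim servers(1) As String
	Dim users(1) As String

	' Constructed sample values. Every server in the replica ring must be
	' listed, or it stops receiving these documents during replication.
	servers(0) = "CN=ServerA/O=Example"
	servers(1) = "CN=ServerB/O=Example"
	users(0) = "CN=Jane Doe/O=Example"
	users(1) = "[HRReaders]" ' an ACL role can be used instead of a name

	Set db = session.CurrentDatabase

	' Enforce a consistent ACL so that a local replica does not give
	' its creator Manager access.
	Set acl = db.ACL
	If Not acl.UniformAccess Then
		acl.UniformAccess = True
		Call acl.Save
	End If

	' Stamp both reader lists on every document the agent can see.
	Set col = db.AllDocuments
	Set doc = col.GetFirstDocument
	Do Until doc Is Nothing
		Call StampReaders(doc, SERVER_READERS_ITEM, servers)
		Call StampReaders(doc, USER_READERS_ITEM, users)
		Call doc.Save(True, False)
		Set doc = col.GetNextDocument(doc)
	Loop
End Sub

Sub StampReaders(doc As NotesDocument, itemName As String, names As Variant)
	Dim item As NotesItem
	Set item = doc.ReplaceItemValue(itemName, names)
	item.IsReaders = True ' flag the item as a Readers field
End Sub
```

Notes treats multiple Readers items on a document as one combined list, so a server or user named in either item can read the document.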
 
LVL 63

Expert Comment

by:SysExpert
ID: 2733245
If all you are worried about is local replication, then do not give anybody but the administrator access above reader or author. This will prevent anybody from creating a local  copy, but will not affect replications. If you are talking about people who require higher access ( design or Admin ), then you will have to go to document or field level protection.
I hope this helps.
0
 
 
LVL 1

Expert Comment

by:sk5t
ID: 2734885
Reader access is sufficient to create a local copy of a database.  I'd hate to think what happens if one configures 'security' believing otherwise.
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 2736077
Whoops,  sk5t is right. I have been working on servers for so long, that I forgot that any user with read or above can create a local database.
Another solution is to use local encryption on the Server using the server ID.
When it is replicated locally, no one who does not have the Server ID, will be able to access the database.
I hope this helps !!
0
 

Author Comment

by:marios
ID: 2739810
Thanks, that's a good tip, although not a solution. Does it work both under Win98 and NT?
0
 

Expert Comment

by:kkshum
ID: 12621740
I think it's a good idea, but how to set local encryption on Server using server id?
0
