Solved

Restricting database copying and replication

Posted on 2000-04-17
Last Modified: 2013-12-18
We have a Notes database that contains "sensitive" information. Is it possible to restrict users from creating replicas or copies of this database without disrupting its replication between servers?
Question by:marios
9 Comments
 
LVL 2

Accepted Solution

by:
mchampou earned 300 total points
Comment Utility
Hi marios,

I don't think that you can prevent users from creating local replicas without preventing replications between servers. But the following will prevent the database from opening if a user creates a local copy.

A consultant used a snippet of code that you'll find below to make sure that nobody was able to open a local copy of the database.

First, put this in the Database Script. This code must go into the Declarations.

Declare Function NEMGetCurrentSubprogramWindow Lib "nnotesws.dll" () As Long
Declare Function NEMStopSubprogramWindow Lib "nnotesws.dll" (Byval wHandle As Long) As Integer

Then, put this code in the PostOpen event of the database script :

Dim session As New NotesSession 'The current session
Dim Db As NotesDatabase 'The current database
Dim wHandle As Long 'Window handle ... used to close the window

Set Db = session.CurrentDatabase 'Get the current database
wHandle = NEMGetCurrentSubprogramWindow() 'Get window handle...

'An empty server name means the database was opened from a local copy
If Db.Server = "" Then
     Messagebox |This application can only be used from a server copy. The current Database copy cannot be used.|
     Call NEMStopSubprogramWindow(wHandle)
End If

0
 
LVL 3

Expert Comment

by:Simon_Hendry
Comment Utility
You should also be using server and user readers fields on all documents, i.e. each document contains a readers field that contains a list of users and another containing the list of servers that have access to the documents. This way you can set the serverreaders field to all of the servers in the replica ring and set the user readers field to only those users that have access to each document.

In this way the servers can replicate every document but the users can only replicate/copy the documents they can read...

Also, so that the user doesn't get manager access to the database when copying it locally, make sure you set "Consistent ACL across replicas" to on. Otherwise mchampou's code (which is excellent!!) could be simply removed by the user in design mode, as they would be the manager of the local replica (unless the design is hidden, of course). Also, for extremely sensitive information you should specify all your forms to be "hidden when copied to clipboard" (you can get around this but it works for most users).
0
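The Readers-field and consistent-ACL setup described in the comment above, as an added LotusScript agent that is not part of the original thread. The item names ServerReaders and DocReaders, the LocalDomainServers group used for the replica ring and the [HRStaff] role are assumptions.

```lotusscript
' Added example (not from the thread): stamp server and user Readers
' fields on every document and enforce a consistent ACL.
' Assumed names: items "ServerReaders" / "DocReaders", the group
' "LocalDomainServers" for the replica ring, the role "[HRStaff]".
Sub Initialize
	Dim session As New NotesSession
	Dim db As NotesDatabase
	Dim acl As NotesACL
	Dim col As NotesDocumentCollection
	Dim doc As NotesDocument
	Dim item As NotesItem
	Dim users(0) As String

	Set db = session.CurrentDatabase

	' "Enforce a consistent ACL across all replicas": a local replica
	' then applies the server ACL instead of making the user Manager.
	Set acl = db.ACL
	If Not acl.UniformAccess Then
		acl.UniformAccess = True
		Call acl.Save
	End If

	users(0) = "[HRStaff]"   ' assumed role holding the permitted users

	Set col = db.AllDocuments
	Set doc = col.GetFirstDocument
	Do Until doc Is Nothing
		' Servers must be listed in a Readers item, otherwise they
		' cannot see the document and stop replicating it.
		Set item = doc.ReplaceItemValue("ServerReaders", "LocalDomainServers")
		item.IsReaders = True
		item.IsSummary = True

		' Only holders of the assumed role can read or replicate it.
		Set item = doc.ReplaceItemValue("DocReaders", users)
		item.IsReaders = True
		item.IsSummary = True

		Call doc.Save(True, False)
		Set doc = col.GetNextDocument(doc)
	Loop
End Sub
```

Run it with Manager access under an ID that is itself covered by one of the Readers entries; documents the signer cannot read do not appear in AllDocuments on a later run.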
 
LVL 1

Expert Comment

by:sk5t
Comment Utility
These ideas have some utility, but none is a secure solution.  (For example, a talented user could make a local copy of a database, then replace its design with another template to remove any 'security' in the PostOpen event.)  

Remember, in general, meaningful security is structured (more or less) as:

Network -> Server -> Database -> Document -> Field.

The only viable Document-level protection is a $Readers field.  And field-level protection == encryption.
0
 
LVL 63

Expert Comment

by:SysExpert
Comment Utility
If all you are worried about is local replication, then do not give anybody but the administrator access above reader or author. This will prevent anybody from creating a local  copy, but will not affect replications. If you are talking about people who require higher access ( design or Admin ), then you will have to go to document or field level protection.
I hope this helps.
0
 
LVL 1

Expert Comment

by:sk5t
Comment Utility
Reader access is sufficient to create a local copy of a database.  I'd hate to think what happens if one configures 'security' believing otherwise.
0
 
LVL 63

Expert Comment

by:SysExpert
Comment Utility
Whoops,  sk5t is right. I have been working on servers for so long, that I forgot that any user with read or above can create a local database.
Another solution is to use local encryption on the Server using the server ID.
When it is replicated locally, no one who does not have the Server ID, will be able to access the database.
I hope this helps !!
0
 

Author Comment

by:marios
Comment Utility
Thanks, that's a good tip, although not a solution. Does it work both under Win98 and NT?
0
 

Expert Comment

by:kkshum
Comment Utility
I think it's a good idea, but how do you set local encryption on the server using the server ID?
0
