Need help with Domino DB security issue
Posted on 2002-05-09
Domino Database security seems to be bypassed by Lotus Sametime's (Sametime is an app. that runs on Domino) "Add invitee" Java applet. I can't keep the applet from being able to browse the secondary directory no matter what ACL settings I use. This is a problem since I want to use a secondary directory for each company accessing the server but I don't want them seeing each others directories.
Suppose I create a secondary domino directory, "secondDir.nsf" . I next create/install a directory assistance DB and add secondDir.nsf to it. Finally, I create a group, SecondDirGroup, and add to it a few person names.
Now, if I set secondDir.nsf's ACL to allow only access by SecondDirGroup (removing all other entries and setting "enforce a consistent ACL..."), I can still access secondDir.nsf from Sametime's invite attendee Java applet using a login that is not anyone in SecondDirGroup. That is I can see everyone and every group listed in secondDir.nsf.