Solved

Securing names.nsf over internet

Posted on 2004-09-28
8
1,621 Views
Last Modified: 2013-12-18
I'm using Notes webmail over the internet. I've noticed that if I explicitly point to the dominoaddress book <http://mailserver/names.nsf> I can access the names.nsf without having to authenticate.

I've compared my ACL with another internet domino server (which prompts for authentication if I try to access the names.nsf) and the acl settings appear similar ie default access is reader and max. internet user access is 'author'

Is there some other parameter besides the ACL that I need to modify in order to secure my address book?
0
Comment
Question by:isltt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 46

Assisted Solution

by:Sjef Bosman
Sjef Bosman earned 100 total points
ID: 12171038
This is prolly an R5 server. R6 will by default protect a lot more.

You need to set Anonymous to No Access in the ACL. That'll do. Check for the real differences between the two databases.
0
 
LVL 9

Assisted Solution

by:HappyFunBall
HappyFunBall earned 150 total points
ID: 12171044
Your ACL settings should be more secured.

Set both your default and anonymous user access to NO ACCESS immediately
0
 
LVL 31

Expert Comment

by:qwaletee
ID: 12172249
Umm, -Default- should NOT be No Access, because that will lock out regular Notes users as well.  If this server is the internal user's mail (or application) server, or the names.nsf on this server replicates with the names.nsf for the mail (or applications) server, then -Default- would normally be Author, or perhaps Reader.

If you are afraid to allow any access under -Default-, then what you need to do is add a mixed group named */CERTNAME with Author (or Reader) access, where CERTNAME is the name of the root Notes certifier that you use.  If you have flat names, you can't do that, and if you have multiple root certifiers, you will need to put each in this way.  Then, you will need to make sure that internet-only users who authenticate but should not have access to names.nsf are registered without the /CERTNAME as their names.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Assisted Solution

by:schubemk
schubemk earned 150 total points
ID: 12172988
Check your ACL for a user called "Anonymous".  He should be set to "No Access" on names.nsf.  If he's not there, add him.   Also make sure that entry is in log.nsf.  When we do security audits, the next place we go after names.nsf to harvest user names, database names, and server names  is log.nsf.
0
 
LVL 9

Expert Comment

by:HappyFunBall
ID: 12173112
Qwaletee -

Setting -Default- to "No Access" prevents anyone not explicitly included in the ACL from accessing the database.  It doesn't "lock out regular Notes users".  If you then give a group of all company users "Reader" access, you'll be fine.
0
 
LVL 19

Expert Comment

by:RanjeetRain
ID: 12173253
I have two recommendations (one worth one cent exactly)

(1) Anonymous
     (a) If you don't already have it, add it.
     (b) Set it to 'No access'
          There is a complete logic behind it. I can explain.

(2) Set the maximum Internet access to 'Read', untill you want your authenticated people to make changes to it from over Internet (a less common scenario).
0
 
LVL 19

Expert Comment

by:RanjeetRain
ID: 12173275
Oh, a lot has been said already :)
0
 
LVL 19

Accepted Solution

by:
RanjeetRain earned 100 total points
ID: 12173440
May be you can read this and you would come to know most of the things you should do.

http://www-10.lotus.com/ldd/lbytes.nsf/0/f668d51aaa7db800852568480071482f?OpenDocument#Controlling%20Access%20to%20the%20Web%20Ser
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lack of Storage capacity is a common problem that exists in every field of life. Here we are taking the case of Lotus Notes Emails, as we all know that we are totally depend on e-communication i.e. Emails. This article is fully dedicated to resolvin…
This article covers general Notes 8.5 troubleshooting information including recreating the Notes\Data folder.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question