Status: Solved

Securing names.nsf over internet

I'm using Notes webmail over the internet. I've noticed that if I explicitly point to the Domino address book <http://mailserver/names.nsf> I can access the names.nsf without having to authenticate.

I've compared my ACL with another internet Domino server (which prompts for authentication if I try to access the names.nsf) and the ACL settings appear similar, i.e. default access is Reader and max. internet user access is 'Author'.

Is there some other parameter besides the ACL that I need to modify in order to secure my address book?
Asked by: isltt
 
Sjef Bosman (Groupware Consultant) commented:
This is prolly an R5 server. R6 will by default protect a lot more.

You need to set Anonymous to No Access in the ACL. That'll do. Check for the real differences between the two databases.
0
 
HappyFunBall commented:
Your ACL settings should be more secure.

Set both your default and anonymous user access to NO ACCESS immediately.
0
 
qwaletee commented:
Umm, -Default- should NOT be No Access, because that will lock out regular Notes users as well. If this server is the internal users' mail (or application) server, or the names.nsf on this server replicates with the names.nsf for the mail (or applications) server, then -Default- would normally be Author, or perhaps Reader.

If you are afraid to allow any access under -Default-, then what you need to do is add a mixed group named */CERTNAME with Author (or Reader) access, where CERTNAME is the name of the root Notes certifier that you use. If you have flat names, you can't do that, and if you have multiple root certifiers, you will need to put each in this way. Then, you will need to make sure that internet-only users who authenticate but should not have access to names.nsf are registered without the /CERTNAME as their names.
0
 
schubemk commented:
Check your ACL for a user called "Anonymous". He should be set to "No Access" on names.nsf. If he's not there, add him. Also make sure that entry is in log.nsf. When we do security audits, the next place we go after names.nsf to harvest user names, database names, and server names is log.nsf.
0
 
HappyFunBall commented:
Qwaletee -

Setting -Default- to "No Access" prevents anyone not explicitly included in the ACL from accessing the database. It doesn't "lock out regular Notes users". If you then give a group of all company users "Reader" access, you'll be fine.
0
 
RanjeetRain commented:
I have two recommendations (one worth one cent exactly)

(1) Anonymous
     (a) If you don't already have it, add it.
     (b) Set it to 'No access'
          There is a complete logic behind it. I can explain.

(2) Set the maximum Internet access to 'Read', until you want your authenticated people to make changes to it from over Internet (a less common scenario).
0
 
RanjeetRain commented:
Oh, a lot has been said already :)
0
 
RanjeetRain commented:
Maybe you can read this, and you will come to know most of the things you should do.

http://www-10.lotus.com/ldd/lbytes.nsf/0/f668d51aaa7db800852568480071482f?OpenDocument#Controlling%20Access%20to%20the%20Web%20Ser
0
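
The ACL behaviour discussed in this thread, as an added example that is not part of any post: a simplified Python model of how Domino resolves a web user's access level from the Anonymous entry, explicit and wildcard entries, -Default-, and the Maximum Internet name & password setting. The ACME certifier and the user names are constructed, and real ACLs have further rules (roles, server entries) that this model leaves out.

```python
# Simplified model of Domino ACL resolution (added example, not IBM/Lotus code).
LEVELS = ["No Access", "Depositor", "Reader", "Author",
          "Editor", "Designer", "Manager"]


def rank(level):
    """Position of an access level in the ordering above."""
    return LEVELS.index(level)


def effective_access(acl, max_internet, user=None, groups=(), via_web=True):
    """acl maps entry name -> level; user=None means an unauthenticated request."""
    if user is None:
        # Unauthenticated: the Anonymous entry applies if it exists,
        # otherwise the request silently falls back to -Default-.
        level = acl.get("Anonymous", acl["-Default-"])
    elif user in acl:
        # An explicit entry for the user wins over group entries.
        level = acl[user]
    else:
        # Group entries and wildcard entries such as */ACME; highest level wins.
        matched = [lvl for name, lvl in acl.items()
                   if name in groups
                   or (name.startswith("*/") and user.endswith(name[1:]))]
        level = max(matched, key=rank) if matched else acl["-Default-"]
    # Web access is capped by "Maximum Internet name & password".
    if via_web and rank(level) > rank(max_internet):
        level = max_internet
    return level


# Constructed ACLs mirroring the thread.
AS_ASKED = {"-Default-": "Reader"}                                # no Anonymous entry
WITH_ANONYMOUS = {"-Default-": "Reader", "Anonymous": "No Access"}
WILDCARD = {"-Default-": "No Access", "Anonymous": "No Access",
            "*/ACME": "Reader"}                                   # ACME is hypothetical

if __name__ == "__main__":
    for label, acl in [("as asked", AS_ASKED),
                       ("Anonymous = No Access", WITH_ANONYMOUS),
                       ("wildcard certifier", WILDCARD)]:
        print(label,
              "| anonymous:", effective_access(acl, "Author"),
              "| Jane Doe/ACME:", effective_access(acl, "Author", "Jane Doe/ACME"),
              "| webuser1:", effective_access(acl, "Author", "webuser1"))
```

With the ACL as described in the question, the unauthenticated request resolves to Reader through -Default-, which is why names.nsf opens without a prompt; adding the Anonymous entry changes only that case.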