I have developed a system that receives XML information posted to an Agent. This agent must access an XSLT file, which in order to avoid having it on both my development & live servers in the file system, I have implemented as a Page. In order that the Agent can access it, this Page is marked as 'Available to Public Access users', & works just fine.
However, having just tied down the ACL before rolling it out into production, I was reminded that the Agent also needs to access one of the documents imported from the XML (the agent transforms the XML into DXL using this XSLT, then imports the resulting XML as NotesDocuments). I have a special view with a Form Formula, that opens the aforementioned document in a form which shows the XML response. Currently, the agent reads in the XML from this document via the view, then prints it to the posting client. However, like the XSLT file, the server agent needs to access this document anonymously, so I have set the 'Available to Public Access users' property on the View & the XML form, & I have created a Computed for Display field on the XML form called $PublicAccess, with "1" as its value. As this didn't work, I have even tried changing this field to a Computed field, & moving it to the form the document was originally created using, so the document itself has a permanent $PublicAccess="1" field, & the agent still returns nothing, & sure enough, when opening the URL with my browser, I get a login box.
So, what am I missing with this Public Access thing? I don't want to allow the whole database to be open to anonymous users, as it contains orders for a client. Even though nobody will know the exact URLs to find the order information, & I could simply put redirects on any obvious URLs, this doesn't seem like a secure solution! I appreciate that if it was working as I intended, then the XML response to the orders would be available to anonymous users, but I don't see this as too much of an issue, as they are only available via URLs like this: http://server/database/(Responses)/Q1W2E3R4T5Y6U7I88025715C005AEE25
, & it has to better than having a browsable database open to all!