Domino Security

Status
Not open for further replies.

ssk1279

IS-IT--Management
Jun 11, 2005
4
AU
I am the network administrator for the company I work for but not the Lotus Notes Administrator.

I have begun learning Lotus Notes to assist the LN Admin.

My first experiment was to test the security of the Domino server by copying a user's mail file from our (e.g. company.com) Domino server into my test server (testdomain.com). I was concerned that I could read the user's mail without his ID or password.

My test server has no connection to the real server in any way. (new/different cert/server.ids)

The notes\data\mail directory on the server is restricted to myself and the LNAdmin.

I had the impression that a mail file could not be read on another mail system.

Is this true? Or should we be implementing encrypted databases with IDs?

 
Domino/Notes is a very secure mail environment - on the server.
You have local access to the server. You can copy data anywhere you want and do whatever you wish with it. You are acting as Admin.
I would say that your test is not a valid security test. There is no security in the world that is going to keep data secret from someone who can access it locally. Does not exist.
Try accessing the user database from a Notes client with your own ID. If you can access it, then you might be able to copy/replicate the data locally - because you are an admin.
The most common situation in a normal work environment is that you are not the admin and you have no access to anyone's mail. The calendar info, sometimes, but not the mail.
Without access, you cannot copy the file anywhere. That puts a quick stop to any hacking attempts.

You ask a question at the end of your post: a mail file could not be read on another mail system.
Any Notes db is accessible via ODBC - if you are authorized to access the db, of course. On a server, this rule is valid for all dbs and access control is, of course, stringently enforced. Locally, access is generally open, so ODBC access is quite feasible.

Tip: you can change the ACL properties of a db and use the option "enforce ACL across replicas" (something like that). Actually, that option enforces the ACL even without a Domino server - so local access from a Notes client can be blocked even locally.

Unfortunately, tools exist that strip a db of its ACL, and can even grant you the power to change the ACL. So, again, security is only guaranteed on the server, not locally.

Pascal.
 