Bugtraq mailing list archives
Re: Lotus Notes Local Replicated Database Problem
From: bram () E-WARENESS BE (bram () E-WARENESS BE)
Date: Wed, 26 Jan 2000 09:40:58 +0100
> In Lotus Notes it brings up a password dialog box as usual, but by
> accident I pressed Esc on it.... Now this came up saying it was wrong
> and try again. Well, I pressed Esc again and it brought up an error
> stating that Lotus Notes had had an internal error, and to my surprise
> it allowed me to view my email without the use of a password. But every
> now and then it brings up the password dialog box, but each and every
> time you can just press Esc until an error occurs again and you can
> view it again; this can take up to 5 - 6 Esc pressing sequences.
You are accessing your mail database locally (you just replicated it). Notes does not need a password to open a database locally, and the philosophy behind it is very simple: if you can view the contents of that specific database - which is just a file - with a text/hex editor, why bother to require a password? If a password were required, the user would feel safe without actually being safe.

How can this be changed? In the Access Control List for the database, click on Advanced and select 'Enforce Consistent ACL'... This means that a password is required for opening it... But remember: it's still a local file, and this kind of 'security' can easily be circumvented.

Better yet: go to the Database Properties of the local copy of your mail database, and click on 'Encryption'. There you can choose to encrypt the database locally for your User ID. This way, the database will only be accessible by you, if you have your user ID and your password... Lose your user.id file, and the contents of your mail database are lost. Most of the time your Notes admins have safely stored backups of ID files, but you wouldn't be the first to delete your ID file, only to find out that there is no backup left.
> Like I say, it might be a known problem, but I have copied Lotus on
> it, and am awaiting their reply.
This is how the software works. This is not a problem. Ask your Notes support people how to encrypt local databases - which should be done if you have a laptop. Notes/Domino has one of the best security systems/philosophies I have seen yet. It takes, however, some knowledge to set it up properly on the server side, and just a little bit of training for the end user.

Bram
Current thread:
- Lotus Notes Local Replicated Database Problem Matt Storey (Jan 25)
- <Possible follow-ups>
- Re: Lotus Notes Local Replicated Database Problem bram () E-WARENESS BE (Jan 26)