Bugtraq mailing list archives

Re: Lotus Domino View ACL by-pass (#NISR29102001C)


From: Darren Davison <dd () edefl demon co uk>
Date: Wed, 31 Oct 2001 23:30:29 +0000

On Wednesday 31 October 2001 02:40, NGSSoftware Insight Security Research 
wrote:

> A Lotus Notes database contains documents which are organized into views.

To be more correct, the database contains documents which *can* be organized 
into views.  That's not to be pedantic, but it's crucial in understanding the 
relationship between the data and the design of the database.


> Access control lists can be applied to the database itself, views and
> documents. If a user has been denied access to a view, NISR have discovered
> that it is possible to by-pass the permissions set on that view and access
> the documents one would expect it to protect.

Views do not, nor are they intended to, protect the documents they 'contain'; 
they are merely a convenience.  Hiding the view or restricting its access to 
certain users is simply an extension of that convenience.  Data (i.e. 
documents) are correctly protected by readers fields, document encryption or 
field-level encryption.

From the online help of the Domino Designer client:
".. Users who are excluded from the access list will no longer see the view 
or folder in the View menu.  A view or folder read access list is not a true 
security measure."

D
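The distinction drawn above between a view read access list and a readers field, modelled as an added Python example. This is a constructed illustration, not Domino's API and not code from the thread or the advisory: the Document, View and Database classes, the "hr"/"staff" users and the sample documents are all assumptions made for the demonstration.

```python
"""Toy model of the two Domino access layers discussed in the thread.

Constructed illustration, not Domino's API. A 'database' holds documents,
each optionally carrying a readers field; 'views' are selections over the
documents, each optionally carrying a read access list. A view read access
list only gates the navigation path (the View menu); a readers field gates
the document itself. So a caller who reaches a document directly by its
identifier bypasses the former but not the latter.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, FrozenSet, List, Optional


@dataclass
class Document:
    note_id: str
    body: str
    # Empty readers field = readable by anyone with database access.
    readers: FrozenSet[str] = frozenset()


@dataclass
class View:
    name: str
    # Selection formula: True for documents that belong to the view.
    selects: Callable[[Document], bool]
    # Empty read access list = the view is listed in the View menu for all.
    read_access: FrozenSet[str] = frozenset()


@dataclass
class Database:
    docs: Dict[str, Document] = field(default_factory=dict)
    views: Dict[str, View] = field(default_factory=dict)

    def can_read(self, user: str, doc: Document) -> bool:
        """Document-level check: the readers field, if present, is enforced."""
        return not doc.readers or user in doc.readers

    def list_view(self, user: str, name: str) -> Optional[List[str]]:
        """What a user sees by navigating through a view: the read access
        list hides the whole view, readers fields hide individual documents."""
        view = self.views[name]
        if view.read_access and user not in view.read_access:
            return None  # view is not shown in the View menu at all
        return [d.note_id for d in self.docs.values()
                if view.selects(d) and self.can_read(user, d)]

    def open_document(self, user: str, note_id: str) -> str:
        """Direct access by identifier (e.g. a URL carrying the note id):
        no view is involved, so only the document-level check applies."""
        doc = self.docs[note_id]
        if not self.can_read(user, doc):
            raise PermissionError(f"{user} may not read {note_id}")
        return doc.body


def build_db() -> Database:
    """Constructed sample: two salary documents, one protected only by the
    view's read access list, the other also by a readers field."""
    db = Database()
    db.docs["A1"] = Document("A1", "salary review (view ACL only)")
    db.docs["A2"] = Document("A2", "salary review (readers field)",
                             frozenset({"hr"}))
    db.views["Salaries"] = View("Salaries",
                                lambda d: d.note_id.startswith("A"),
                                frozenset({"hr"}))
    return db


def demo() -> Dict[str, object]:
    """Compare view navigation with direct document access for two users."""
    db = build_db()
    results: Dict[str, object] = {
        "hr_view": db.list_view("hr", "Salaries"),          # both documents
        "staff_view": db.list_view("staff", "Salaries"),    # view hidden
        "staff_direct_A1": db.open_document("staff", "A1"), # bypass works
    }
    try:
        db.open_document("staff", "A2")
        results["staff_direct_A2"] = "readable"
    except PermissionError:
        results["staff_direct_A2"] = "denied"                # readers field holds
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The "staff" user never sees the Salaries view, yet opens A1 by its identifier without any check; only A2, which carries a readers field, is refused. That is the behaviour the reply describes: the protection has to live on the document, not on the view that happens to list it.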

