Vulnerability Development mailing list archives

Re: Notes Domino Server Platform for e-commerce?


From: derek () INFINET COM (Derek Reynolds)
Date: Tue, 8 Feb 2000 18:46:45 -0500


Hello Frank,

Lotus Domino/Notes versions 4.6x and 5 are secure.

Notes passwords are stored in the NAB which can be secured with
encryption.

Be sure to change the default ACL access on the Domino configuration
dB and the Web Admin dB to NO ACCESS.

If you have any questions or concerns let me know.

--
Best regards,
 Derek                            mailto:derek () infinet com
 CLP - Certified Lotus Professional R4/R5

Monday, February 07, 2000, 8:23:38 AM, you wrote:
BF> Hi there,

BF> some folks in my company would like to install an e-commerce
BF> web-server based on Lotus Domino 5.0. Does anybody have concerns
BF> about the vulnerability of Notes/Domino regarding this purpose?

BF> I have heard that it should be possible for *bad* people to get
BF> the admin password out of a notes database through a web
BF> interface. Is there anybody who can confirm this? If so, is there
BF> anybody who knows whether I can suppress this kind of hacking
BF> with a firewall?

BF> Any kind of suggestions expected to be helpful!

BF> Frank Baasner
BF> Aral Germany

BF> (originally I sent this message to the bugtraq list but got the
BF>  reply from Elias Levy, <owner-bugtraq () securityfocus com>:
BF>  "This type of messages should be sent to vuln-dev at
BF>   vuln-dev () securityfocus com." Here I am.)


