Vulnerability Development mailing list archives

Re: Notes Domino Server Platform for e-commerce?


From: marc () MUCOM CO IL (Marc Esipovich)
Date: Wed, 9 Feb 2000 02:22:37 -0200


BF> some folks in my company would like to install an e-commerce
BF> web-server based on Lotus Domino 5.0. Does anybody have concerns
BF> about the vulnerability of Notes/Domino regarding this purpose?

Any special reason? Or is that the only thing they are able to
install/configure/maintain?

Lotus Domino/Notes version 4.6x and 5 is secure.

That's an odd thing to say, not entirely true -- by definition.


Notes passwords are stored in the NAB which can be secured with
encryption.


Wow, what kind? Prop.? Let's hope it's not a simple XOR :)

Be sure to change the default ACL access on the Domino configuration
DB and the Web Admin DB to NO ACCESS

Be sure to use a free, well-audited web daemon; Apache is a good
choice. And besides, why use a beast such as Domino as an e-commerce
server? Security aside, can it take the load?

BF> face. Is there anybody who can confirm this? If so, is there
BF> anybody who knows whether I can suppress this kind of hacking
BF> with a firewall?

Firewall is a broad concept; what will best suit you here is a proxy kind
of firewall, which inspects the web traffic (in your case).
Besides, even the "best" firewall will give you nearly nothing when
improperly configured.

        Marc Esipovich.

---
root is only a few clicks away...


