Domino security

Tyler Close tyler@waterken.com
Sun, 7 Nov 1999 21:56:52 -0500


Hi all,

My interest sparked by Jonathan's comments about Domino,
I've been surfing their web site.

There's a document titled "Designing a secure Domino app"
that talks only about the various levels of ACLs in Domino.
These ACLs seem solely concerned with creating a hierarchy
of ACLs that bottom out in an ACL for each entity in a form.
The model seems very document centric.

The document is at:
http://www.notes.net/today.nsf/cbb328e5c12843a9852563dc006721c7/71102330e24a7ce5852564b5005e3682?OpenDocument

What confuses me about this is that the URL quite evidently
contains 2 Swiss numbers. At the application level, no
attempt is made to use these as the basis for security. I
don't know what they are for.

The site glossary and FAQ contain no mention of
capabilities. The design document uses the word "capability"
only twice. Both times in much the same sense as Ping
reported from the POSIX documentation.

Interestingly, the site reveals two of the main problems
with ACLs in their document "Four Tips for Securing Your
Domino Web Site".
http://www.lotus.com/developers/itcentral.nsf/9eb709ac4f03acc88525675f00783220/f445dcf40cad7e4e852567af006f95b7?OpenDocument

---BEGIN EXCERPT---
Tip 1. Restrict Access to Sensitive Documents
Limit access to sensitive materials using reader name fields
and/or access lists on views.

Tip 2. Check the Access Control List
Review the Access Control List (ACL) settings for each .NSF
file on your Domino server. In addition to checking the ACL
for your application databases, be sure to also check the
ACL of system databases such as NAMES.NSF, LOG.NSF,
ADMIN4.NSF, DOMCFG.NSF, etc. What is the "-default-" access
control set to? What is "Anonymous" set to? What is the
Maximum Internet name & password access set to in the
Advanced ACL settings?
---END EXCERPT---

There's also a link to "The ABC's of using the ACL".

I'm very curious about those Swiss numbers. They are both
fixed and not session based. (I tried disconnecting from my
ISP and restarting my browser.) I'm guessing they're just
identifiers, not capabilities. If so, then I don't know why
they are 128-bit. Perhaps they are just suffering from the
same addressing angst that the IPv6 people were.

Tyler
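
Added example, not part of the original post: a check of whether the 128-bit values in the two URLs quoted above look like uniformly random secrets or like structured identifiers, by finding hex positions that are identical in every token. The function names are hypothetical, and the premise that a capability-style Swiss number would be uniformly random is an assumption of this example.

```python
import re
from math import comb

# The two URLs quoted in the post, with the mail line-wrapping removed.
URLS = [
    "http://www.notes.net/today.nsf/cbb328e5c12843a9852563dc006721c7/"
    "71102330e24a7ce5852564b5005e3682?OpenDocument",
    "http://www.lotus.com/developers/itcentral.nsf/"
    "9eb709ac4f03acc88525675f00783220/"
    "f445dcf40cad7e4e852567af006f95b7?OpenDocument",
]

# A path segment made of exactly 32 hex digits (32 * 4 = 128 bits).
TOKEN = re.compile(r"(?<=/)[0-9a-f]{32}(?=[/?]|$)")


def extract_tokens(url):
    """Return every 128-bit hex path segment found in the URL."""
    return TOKEN.findall(url.lower())


def constant_positions(tokens):
    """Hex-digit offsets whose value is the same in every token."""
    return [i for i, col in enumerate(zip(*tokens)) if len(set(col)) == 1]


def chance_of_at_least(k, n_tokens, length=32):
    """Binomial tail: probability that k or more of `length` positions agree
    across n_tokens independent, uniformly random hex strings."""
    p = (1 / 16) ** (n_tokens - 1)  # one position agreeing in all tokens
    return sum(comb(length, j) * p**j * (1 - p) ** (length - j)
               for j in range(k, length + 1))


def analyse(urls):
    """Return (tokens, constant offsets, chance of that many under randomness)."""
    tokens = [t for u in urls for t in extract_tokens(u)]
    fixed = constant_positions(tokens)
    return tokens, fixed, chance_of_at_least(len(fixed), len(tokens))


if __name__ == "__main__":
    tokens, fixed, chance = analyse(URLS)
    for t in tokens:
        print(t, f"({len(t) * 4} bits)")
    print("offsets identical in all tokens:", fixed)
    print(f"chance of that for random tokens: {chance:.2e}")
```

Offsets that never vary across unrelated documents on two different sites indicate fixed or structured fields, which fits the guess that these values are identifiers rather than unguessable secrets.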