Ask the Expert

If ACL of names.nsf is set to enforce consistent ACL, could a hacker succeed?

I recently read an article in eWEEK about a hacker who was able to break into a Domino server. This was done as a demonstration to the company owners as an audit of their vulnerability to attacks. The hacker was able to open the names.nsf file and to see various IDs that I assume were stored in a directory folder. If the ACL of the names.nsf was set to enforce consistent ACL, how would a hacker be able to open it?

Easy. If the Default or Anonymous entries in the Access Control List are set to Read, anyone can see the IDs that are attached to the person documents. This highlights the fact that Domino/Notes is a very secure system IF IT IS SET UP CORRECTLY. Leaving names.nsf wide open for reader access is a known problem, and smart hackers know to look for it.

This was first published in October 2003
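
An administrator can check for the exposure described in the answer with a short LotusScript agent. This is an added example, not part of the original answer; it assumes the agent runs on the Domino server being audited with rights to read the ACL of names.nsf. It reports the "Enforce a consistent ACL" flag next to the access that an unauthenticated user actually receives, since that flag does not alter the levels granted to -Default- or Anonymous.

```lotusscript
Option Declare

' Added audit example: what can an unauthenticated user reach in names.nsf?
Sub Initialize
	Dim session As New NotesSession
	Dim db As NotesDatabase
	Dim acl As NotesACL
	Dim defEntry As NotesACLEntry
	Dim anonEntry As NotesACLEntry
	Dim effective As Integer
	Dim decidedBy As String

	' An empty server name means the machine the agent is running on.
	Set db = session.GetDatabase("", "names.nsf")
	If Not db.IsOpen Then
		Print "names.nsf could not be opened"
		Exit Sub
	End If

	Set acl = db.ACL
	' UniformAccess is the "Enforce a consistent ACL" setting.
	Print "Enforce consistent ACL: " & CStr(acl.UniformAccess)

	Set defEntry = acl.GetEntry("-Default-")
	Set anonEntry = acl.GetEntry("Anonymous")

	' With no explicit Anonymous entry, anonymous users get -Default- access.
	If anonEntry Is Nothing Then
		effective = defEntry.Level
		decidedBy = "-Default- (no Anonymous entry present)"
	Else
		effective = anonEntry.Level
		decidedBy = "Anonymous"
	End If

	Print "-Default- level: " & CStr(defEntry.Level)
	Print "Unauthenticated access decided by: " & decidedBy

	If effective >= ACLLEVEL_READER Then
		Print "FINDING: unauthenticated users can read names.nsf, " & _
		"including ID files attached to Person documents"
	ElseIf defEntry.Level >= ACLLEVEL_READER Then
		Print "NOTE: Anonymous is restricted, but any authenticated " & _
		"user without an explicit entry gets Reader or higher"
	Else
		Print "OK: -Default- and Anonymous are below Reader"
	End If
End Sub
```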
