Hi Rob,
Here is an answer from Frederic Dahm at Lotus, who helps me out from time to
time.
Chuck
+++++++++++++++++++++++++++++++++++++++
From Frederic:
I had to think about this one for a small while. The person wants to curtail
access to the public directory because of a perceived security risk. My
thoughts on this are that this is not a security risk, because, well, the
information is supposed to be, well, public. Granted, there is an
uneasiness about hashed passwords in the directory, but this can be
alleviated by using a shadow directory for authentication purposes only.
Imposing changes on the iNotes Web Access client eliminates the ease of use
and increases the administrative overhead. It is best that the person in
question do what any security-minded person would do: 1) determine what
constitutes this probable security risk, 2) determine what information is
sensitive, 3) determine the risk and costs associated with the disclosure of
said sensitive information and, 4) apply the corrective measures at the
directory (not client) level.