
	Home > Ask the Domino Experts > Spam and Security Questions & Answers > If ACL of names.nsf is set to enforce consistent ACL, could a hacker succeed?

Ask The Domino Expert: Questions & Answers

EMAIL THIS

If ACL of names.nsf is set to enforce consistent ACL, could a hacker succeed?

EXPERT RESPONSE FROM: Chuck Connell

		Pose a Question

		Other Domino Categories

		Meet all Domino Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 21 October 2003
I recently read an article in eWEEK about a hacker who was able to break into a Domino server. This was done as a demonstration to the company owners as an audit of their vulnerability to attacks. The hacker was able to open the names.nsf file and to see various IDs that I assume were stored in a directory folder. If the ACL of the names.nsf was set to enforce consistent ACL, how would a hacker be able to open it?

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Spam and Security
	Can I encrypt an email sender's name?
	Changing timeout intervals for Domino Web Access authentication
	Putting a stop to incoming spam on Lotus Notes 6.5
	Restoring a corrupt Lotus Notes certlog.nsf file
	Troubleshooting a constantly corrupting names.nsf file
	Lotus Notes replication snafu: Accidentally deleted archived email
	Getting past expired IDs
	Creating a single sign-on for .NET and Lotus Notes
	Error restoring an NSF archive file: 'File truncated - file may have been damaged'
	Setting corporate mail file size policies on NSF files

Lotus Notes Domino Access, Permissions and Authentication

Display Lotus Notes user group membership details in a tree view

How DirLint verifies data in Lotus Notes Domino 8 directories

Fix and update Lotus Notes documents with limited access

Lotus Notes access error: 'database is not opened yet'

Formula language button manages Deny Access list searches

Update the ACL from the Roles view with LotusScript

Secure Lotus Notes 8 with the Internet password lockout feature

Find a Lotus Notes user within NAB Deny Access groups

Move a Lotus Domino server to a new certifier without a reinstall

Troubleshoot Lotus Notes Out of Office (OOO) agent error messages

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Easy. If the Default or Anonymous entries in the Access Control List are set to Read, anyone can see the IDs that are attached to the person documents. This highlights the fact that Domino/Notes is a very secure system IF IT IS SET UP CORRECTLY. Leaving names.nsf wide open for reader access is a known problem, and smart hackers know to look for it.

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Lotus Notes Domino on Blackberry and mobile devices

SEARCH

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 1999 - 2009, TechTarget \| Read our Privacy Policy