Unexpected / unauthorized use of views
If a user can see the name of a Notes view in a URL, they can use the view much like they would with a Notes client. This is true even if the designer of the database never intended for Web users to use the view that way. The designer can prevent this effect by creating a simple $$ViewTemplate for the view with no $$ViewBody field. That same ViewTemplate can be used to prevent access to several different views simply by adding aliases to the view name (each alias should be separated with a vertical bar "|").
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
If you see this URL in a Domino application:
a user can insert "?OpenView" after the name of the view, like:
thus giving them possibly unexpected access to the database. That's not so bad if the view only contains images. It could be much worse if the view contains all documents in the database.