Unexpected / unauthorized use of views
If a user can see the name of a Notes view in a URL, they can use the view much like they would with a Notes client. This is true even if the designer of the database never intended for Web users to use the view that way. The designer can prevent this effect by creating a simple $$ViewTemplate for the view with no $$ViewBody field. That same ViewTemplate can be used to prevent access to several different views simply by adding aliases to the view name (each alias should be separated with a vertical bar "|").
If you see this URL in a Domino application:
a user can insert "?OpenView" after the name of the view, like:
thus giving them possibly unexpected access to the database. That's not so bad if the view only
contains images. It could be much worse if the view contains all documents in the database.
This was first published in November 2000