How to prevent use of the $DefaultNav command in R5.x

How to prevent use of the $DefaultNav command in R5.x

From "Building Secure Domino Web Applications," by Carl Kriger, Lotus Development product manager for Mobile Notes & Wireless, which originally appeared in the July/August 2000 edition of The View, http://www.eview.com.

The $DefaultNav command has been around essentially since the beginning of the Domino server. Most developers are painfully aware that it exists and that it effectively allows unfriendly users to bypass their control of the launch options. So, as a common practice, developers hide views just to prevent them from being listed when the $DefaultNav command is used. But, is it possible to prevent the $DefaultNav from presenting the list of non-hidden views at all?

Prior to R5.x, the answer to this question was (and still is) "No." There's nothing a developer can do to prevent users from reconstructing the URL, appending /$DefaultNav, and presenting themselves with a list of the views that are not hidden in the application. The reason is that Domino does not use the $$NavigatorTemplateDefault form to display results for $DefaultNav; therefore, you cannot use this form to capture the $DefaultNav command and control what is displayed. However, developers working in pre-R5.x Domino environments can hide all views by surrounding the view name with parentheses, effectively disabling the $DefaultNav command.

In R5.x, however, the answer to the question is "Yes." It is possible to prevent the $DefaultNav command from presenting the list of non-hidden views ... but in a way that may not be so obvious. To prevent the use of the $DefaultNav command, R5.x developers can create a URL redirect that captures the incoming request and directs the user to a different URL -- perhaps one that opens a page with the text, "Access Denied," for example. This technique is now possible because in R5.x wildcards can be used in URL redirects -- opening the door for developers to regain control of their launch options by preventing the use of the $DefaultNav?OpenNavigator URL command (or any other Domino URL command for that matter) in a URL that a browser user might reconstruct.

Here are the steps to create a URL redirection document in the Domino Directory for R5.x Domino servers only:

1. Open the Domino Directory on the R5.x server.

2. Create a URL Mapping/Redirection document using the Web... action (located in the Servers view of the Domino Directory).

3. A URL Mapping/Redirection document has four tabs: Basics, Site Information, Mapping, and Administration. In the Basics tab, set the "What do you want to set up?" field to "URL --> Redirection URL."

4. Leave the Site Information tab blank, unless you're dealing with a specific virtual server.

5. Set the fields in the Mapping tab to be similar to:

Incoming URL path: */*.nsf/$defaltNav Redirection URL string: http://www.lotus.com

This redirection document sends the brower user to the Lotus site.

6. Save the document.

7. View the document in the Web Configurations view of the Directory.

8. Restart the Domino server for the changes to take effect.

This URL Redirection document will work on all Domino server platforms with the exception of Sun Solaris, a platform on which URL redirections are case sensitive. If Domino is running on Sun Solaris, you must create a URL Redirection document for each case variation of the URL path.


This was first published in July 2000

Dig deeper on Domino Resources - Part 6

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchWindowsServer

Search400

  • iSeries tutorials

    Search400.com's tutorials provide in-depth information on the iSeries. Our iSeries tutorials address areas you need to know about...

  • V6R1 upgrade planning checklist

    When upgrading to V6R1, make sure your software will be supported, your programs will function and the correct PTFs have been ...

  • Connecting multiple iSeries systems through DDM

    Working with databases over multiple iSeries systems can be simple when remotely connecting logical partitions with distributed ...

SearchEnterpriseLinux

SearchDataCenter

SearchExchange

SearchContentManagement

Close