Protect your views from XML output

*?readviewentries* can reveal some documents you are trying to hide with a blank $viewtemplatedefault

$Defaultnav is just the beginning. *?readviewentries* can reveal some documents you might be trying to hide with a blank $viewtemplatedefault.

Someone pointed out that $defaultnav could allow anyone to query your view names if you don't have a $defaultnav view, or if you don't redirect users querying the $defaultnav of a view to some other page (using a blank $viewtemplatedefault won't help).

Well, with $defaultnav you're able to get all the view names. Now, if you try to display the view directly, the $defaultnav will be "triggered" and you'll see nothing. But what you can do to see all public documents is replace

http://server/db/view?openview

with

http://server/db/view?readviewentries

This will allow you to see all the precious notesid of all the documents in the view that you were trying to hide.

?readviewentries is a nice feature, but you don't want people to see all your public documents this way.

To prevent this, I suggest doing the same as for $defaultnav: a URL redirect to some other page.

Create a URL redirect for all incoming *?readviewentries* requests to somepage.htm
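One way to confirm the redirect is actually catching these requests is to audit the web server's access log. This is an added example, not part of the original tip. The log format, the sample lines and the function names are constructed assumptions, and the matcher assumes the command may arrive in any letter case, percent-encoded, or followed by extra & parameters.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (common log format); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jun/2002:10:00:01 +0000] "GET /db.nsf/hidden?OpenView HTTP/1.0" 302 0
192.0.2.10 - - [01/Jun/2002:10:00:05 +0000] "GET /db.nsf/hidden?ReadViewEntries HTTP/1.0" 302 0
192.0.2.11 - - [01/Jun/2002:10:01:00 +0000] "GET /db.nsf/hidden?readviewentries&Count=500 HTTP/1.0" 200 48211
192.0.2.12 - - [01/Jun/2002:10:02:00 +0000] "GET /db.nsf/hidden?Read%56iewEntries HTTP/1.0" 200 48211
192.0.2.13 - - [01/Jun/2002:10:03:00 +0000] "GET /somepage.htm HTTP/1.0" 200 512
"""

# client ... "METHOD target PROTOCOL" status
LINE_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b'
)


def is_readviewentries(target):
    """True if the request target carries the ReadViewEntries URL command."""
    # Decode percent-encoding first so encoded spellings are not missed.
    _path, sep, query = unquote(target).partition("?")
    # The command is the first token of the query; arguments follow after '&'.
    command = query.split("&", 1)[0]
    return sep == "?" and command.lower() == "readviewentries"


def audit(log_text):
    """Split ReadViewEntries requests into (redirected, exposed) lists.

    'exposed' holds requests that were NOT answered with a 3xx redirect,
    i.e. requests the redirect rule failed to catch.
    """
    redirected, exposed = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not is_readviewentries(m["target"]):
            continue
        hit = (m["client"], m["target"], int(m["status"]))
        (redirected if 300 <= hit[2] < 400 else exposed).append(hit)
    return redirected, exposed


if __name__ == "__main__":
    ok, leaked = audit(SAMPLE_LOG)
    print(f"{len(ok)} redirected, {len(leaked)} served without redirect")
    for client, target, status in leaked:
        print(f"  {status} {client} {target}")
```

Any entry in the exposed list means the redirect pattern does not cover that spelling of the command and should be widened.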

This was first published in June 2002
