Get started Bring yourself up to speed with our introductory content.

Configuration documents and security risk

I have a customer who is concerned about the possible security ramifications of leaving the server and configuration documents open to reader access. The customer has no Web or browser access and has tight controls over user ID's. The question is: What, if anything, do most administrators do to hide the server and configuration documents?

The original request from the customer was that I hide the entire configuration view in their Domino 6.5.2 directory. I am trying to write up a document explaining exactly what should be protected and why. Any comments would be greatly appreciated.

Notes users must have reader access to the names.nsf database in order to address their e-mail. In my opinion, allowing a valid internal user to SEE the server and configuration documents is not a problem. Of course, users should not be able to CHANGE names.nsf, but that is a separate question. The only security concern I can see with reading configuration documents is for a very sophisticated user who could use some information from the configuration to create a complex attack. This is possible, but not too likely in my opinion. Is there a particular attack that your customer is trying to prevent? Why doesn't he/she want users to see the configuration documents? If there is an easy attack in this way, please let me know. I'll learn something.

Do you have comments on this Ask the Expert question and response? Let us know.

Dig Deeper on Lotus Notes Domino User Settings

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.




  • iSeries tutorials

    Search400.com's tutorials provide in-depth information on the iSeries. Our iSeries tutorials address areas you need to know about...

  • V6R1 upgrade planning checklist

    When upgrading to V6R1, make sure your software will be supported, your programs will function and the correct PTFs have been ...

  • Connecting multiple iSeries systems through DDM

    Working with databases over multiple iSeries systems can be simple when remotely connecting logical partitions with distributed ...