We have found a third-party tool that allows clients to view documents they have permission to see and open a local version of this database. We are concerned that when an employee leaves our company, and if they take a copy of a Notes ID and database, they can still open important documents using a third-party tool. How can we add more security? Can we prevent clients from creating a local copy or replica of the database?
Hmmmm ... your question touches one of my hot buttons. You said that users could create a full copy of the database on their personal computers, but there is some code in the database that prevents them from opening certain documents? If this is the case, I am almost certain you have an insecure design. It is usually pretty easy for a smart user to get around any client-side security code. The user can always just copy the docs out to another database that does not contain your form or view restrictions. In general, if users have plain text data (meaning not encrypted) on their personal computers, they can find a way to read it. Send me some an e-mail privately if you want to talk about this some more – [email protected].
Do you have comments on this Ask the Expert question and response? Let us know.
Dig Deeper on Lotus Notes Domino Backup and Recovery
Related Q&A from Chuck Connell
Learn how to change authentication timeout interval for Domino Web Access logins. Continue Reading
SearchDomino.com expert Chuck Connell helps a Lotus Domino administrator troubleshoot a "File truncated – file may have been damaged" error ... Continue Reading
This administrator has a replication issue between two servers in two domains. Front-end replication works fine, but when replication is initiated ... Continue Reading