Ouch. You have found a problem with servlets. The servlet "is" the server and there is no way of changing this. If you had an agent and had it "Run agent as Web user", you could use Domino reader names and other security mechanisms. But you probably chose servlets to get performance. Here's an idea, but it is not "real" secure. Look at the @password @function. I have posted a tip that describes what you can do using this @function: https://searchdomino.techtarget.com/tip/Creating-good-URL-keys Basically you could scramble the key ? that is the user name ? using @password. You do this using @password both in the request URL and in the document(s) that you need to retrieve. The problem is that this is still not secure. Someone could start guessing the scrambled keys. There is no way of figuring out what the scrambled version of a certain name would look like, but if you are determined to retrieve sensitive data you could run through all the possible keys.
Dig Deeper on Domino Resources - Part 5
Related Q&A from Jens Bruntt
Web Development expert Jens Bruntt offers suggestions on how to programmatically copy and hide attachments in Lotus Notes rich-text fields. Continue Reading
Learn about an add-on Domino developers can use to programmatically edit rich-text field tables from within the Lotus Notes client. Continue Reading
Web Development expert Jens Bruntt outlines three potential issues to consider when troubleshooting Lotus Notes Domino tabbed table problems. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.