News Stay informed about the latest enterprise technology news and product updates.

Ask the Experts: Frederic Dahm answers security questions, part 2

Frederic Dahm answered more of your security questions during his brief residence in's Ask the Expert section. We have an application where we need to eliminate the menu copy function for certain user groups within a database. Can this be accomplished through ECL, and can you point us in the right direction?
The Prevent Copying feature (from technote 137345) permits you to prevent people from copying a message you send.

The Prevent Copying feature is a deterrent, not a security feature. The confidentiality for this feature is maintained via the $KeepPrivate field, which has a value of 1. If a recipient can create and run an agent to strip this field, or to set its value to 0, the recipient will be able to access it.

Regarding Execution Control Lists (ECLs, some of it from technote 183050), the Execution Security Alert dialog is a warning message that lets you know that someone has requested an illegal action as specified in your ECL (located in User Preferences under Security Options). By default, protected operations for scripts, code & formulas not specified in the ECL cannot execute on your workstation.

ECL settings are stored in the DESKTOP5.DSK file. If you restore your original desktop file, you will retain your previous ECL settings. Beginning in Notes 5.0.5, there is a Refresh button available on the Workstation Security dialog box, which updates the ECL settings from the Administration ECL. The Workstation Security dialog box displays by selecting File, Preferences, User Preferences from the Notes menu & then selecting the Security Options button on the Basics tab of the User Preferences dialog box. You receive the default ECL settings when you install a new Notes client onto a machine that is not connected to the network during setup.

Prevent Copying is an all or nothing proposition set for everyone or no one. ECLs deal with the specific execution of code. Prevent Copying is not done via a script, user-written code or a formula, so it doesn't trigger an Execution Security Alert dialog when attempted by a user that doesn't have that right. The e-mail address in the location document can be changed by the user to anyone's address. Some mail sent to the Internet is showing up as if it were sent from the new address. Some users are causing a lot of problems.

I was checking out the various combinations and found that if the user's location document didn't contain an e-mail address, then the address could be taken from the directory, which is the correct address of the user. How do I stop this from happening?
Forcing the server to ignore the Internet Address in the Location document can be done in R5 by removing a Notes Field from the header of the message before they generate the Internet address of the sender. The field in question is the INETFrom field.

Changes to the server Configuration document need to be done only to the last server that handles the outbound Internet mail -- usually the SMTP gateway server.

  1. On the Basics tab of the server configuration document, enable the "International MIME settings for this document" field by checking its box.
  2. In the server configuration document, the "Lookup Internet address for all Notes addresses when Internet address is not defined in document" field on the MIME/Conversion Options/Outbound tabs should be enabled.
  3. In the server configuration document, write the names of the field INETFrom in "Notes fields to be removed from headers" on the MIME/Advanced/Advanced Outbound Message Options tabs. The INETFrom field displays the Internet Address field from the Location document. By removing it, the recipient of the e-mail can't see the Internet Address from the sender's Location document. The "RFC822 phrase handling" field can be set to anything you would like.
  4. In the Person document, make sure that the Internet address of the user is listed in the "Internet address" field in the Mail tab.
  5. Restart the server.

The changes made in step 1 will ensure the changes made in the MIME tab will take effect. The changes made in step 3 will remove the INETFrom field from the outbound Internet mail, which will make Internet address from the Location document invisible. Because the e-mail no longer has an Internet address, the changes made in step 2 will force the router to gather the sender's Internet address from his Person document. Step 4 ensures that the Person document has a valid Internet address. I am creating a performance appraisal database that contains salary ranges based on grades. The managers will need to have access to all grades/salaries that are equal to or below their own. I want to be able to use a lookup and access these encrypted fields, but I've not been successful.

I have tried using profile document, but this bypasses the encryption. I have also tried using @GetDocField, but this didn't work either. Is there any way to access encrypted field values using lookups of some sort?
Before the suggestions, the direct answer to your question is no, there isn't a way that I know of, otherwise it would completely bypass the Lotus Notes security and that would not be a good thing.

As far as suggesting alternative solutions, there are two things I can quickly think of.

The first is to use encryption at the right level, namely, encrypt the whole database instead of encrypting documents. Then give access to the database only to those managers who are at the proper level. This would mean that you would have more than one database, depending on the levels of management in your enterprise. But this might not be a good idea, as your company may be fairly big and might have many levels of management.

The second is for each employee to have a main document, which would have the employee name, coordinates and grade level. Given that this is information that can mostly be easily found (either in the corporate directory or via other systems which may be in operation in your organization), there is no need to encrypt it and lookups can be performed on it. You would also have a subordinate document, which would contain information such as the salary of the employee and any other information of a confidential nature. You would then encrypt this document. The solution would be then that you could do your lookup on the plain-text documents and provide access to the confidential data to people only authorized for that.
Part 1.

Next Steps

Get yourself prepared for the future by adding DevOps skills to your experience.

Dig Deeper on Domino Resources - Part 2

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.




  • iSeries tutorials's tutorials provide in-depth information on the iSeries. Our iSeries tutorials address areas you need to know about...

  • V6R1 upgrade planning checklist

    When upgrading to V6R1, make sure your software will be supported, your programs will function and the correct PTFs have been ...

  • Connecting multiple iSeries systems through DDM

    Working with databases over multiple iSeries systems can be simple when remotely connecting logical partitions with distributed ...