
Controlling Users Browsing thru Domino Apps

Unexpected / unauthorized use of views

If a user can see the name of a Notes view in a URL, they can use the view much like they would with a Notes client. This is true even if the designer of the database never intended for Web users to use the view that way. The designer can prevent this effect by creating a simple $$ViewTemplate for the view with no $$ViewBody field. That same ViewTemplate can be used to prevent access to several different views simply by adding aliases to the view name (each alias should be separated with a vertical bar "|").

If you see this URL in a Domino application:$file/logo.gif

a user can insert "?OpenView" after the name of the view, like:

thus giving them possibly unexpected access to the database. That's not so bad if the view only contains images. It could be much worse if the view contains all documents in the database.
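To check whether this is already happening, the sketch below scans web access log lines for `OpenView` requests against views that were never meant for Web users. It is an added example, not part of the original tip. The log format (NCSA common), the database name `sales.nsf`, the view names and the allowlist are all assumptions.

```python
import re
from urllib.parse import unquote

# Views the designer intends Web users to open, lower-cased, aliases included.
# These names are assumptions made for this example.
INTENDED_WEB_VIEWS = {"products", "news"}

# Request field of an NCSA common-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')
# /path/db.nsf/<view>?OpenView (Domino also accepts "!" in place of "?").
OPENVIEW_RE = re.compile(r"^(/.*?\.nsf)/([^/?!]+)[?!]openview\b", re.IGNORECASE)


def unexpected_view_opens(log_lines, intended=INTENDED_WEB_VIEWS):
    """Return (client, database, view) for OpenView requests outside the allowlist."""
    hits = []
    for line in log_lines:
        req = REQUEST_RE.search(line)
        if not req:
            continue
        m = OPENVIEW_RE.match(req.group(1))
        if not m:
            continue  # e.g. an attachment URL that only passes through the view
        view = unquote(m.group(2))
        if view.lower() not in intended:
            hits.append((line.split(" ", 1)[0], m.group(1), view))
    return hits


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2004:10:01:07 -0500] "GET /sales.nsf/Images/logo.gif/$file/logo.gif HTTP/1.1" 200 1843',
    '192.0.2.10 - - [12/Mar/2004:10:01:31 -0500] "GET /sales.nsf/Images?OpenView HTTP/1.1" 200 5120',
    '192.0.2.44 - - [12/Mar/2004:10:02:02 -0500] "GET /sales.nsf/Products?OpenView HTTP/1.1" 200 7311',
    '198.51.100.7 - - [12/Mar/2004:10:05:46 -0500] "GET /sales.nsf/All%20Docs!openview HTTP/1.1" 200 9021',
]

if __name__ == "__main__":
    for client, db, view in unexpected_view_opens(SAMPLE_LOG):
        print(f"{client} opened view {view!r} in {db}")
```

Any view this reports is a candidate for the $$ViewTemplate treatment described above.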
