
Protect your views from XML output

*?readviewentries* can reveal some documents you are trying to hide with a blank $viewtemplatedefault

$Defaultnav is just the beginning. *?readviewentries* can reveal some documents you might be trying to hide with a blank $viewtemplatedefault.

Someone pointed out that $defaultnav could allow anyone to query your view names if you don't have a $defaultnav view, or if you don't redirect users querying the $defaultnav of a view to some other page (using a blank $viewtemplatedefault won't help).

Well, with $defaultnav you're able to get all the view names. Now, if you try to display the view directly, the $defaultnav will be "triggered" and you'll see nothing, but what you can do to see all public documents is replace the

http://server/db/view?openview by

This will allow you to see all the precious notesid of all the documents in the view that you were trying to hide.

?readviewentries is a nice feature, but you don't want people to see all your public documents this way.

To prevent this, I suggest doing the same as for $defaultnav: a URL redirect to some other page.

Create a URL redirect for all incoming *?readviewentries* requests to somepage.htm
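
To confirm the redirect is actually catching these requests, the web access log can be audited. The following is an added example, not code from the original tip: it assumes a Common Log Format access log, uses constructed sample lines, and treats a 3xx status as "the redirect fired" and a 200 as "view data was served".

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format); not from the original page.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /db/view?OpenView HTTP/1.1" 200 5120
192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /db/view?ReadViewEntries HTTP/1.1" 200 20480
192.0.2.11 - - [01/Jan/2024:10:00:09 +0000] "GET /db/view?readviewentries&count=1000 HTTP/1.1" 302 0
192.0.2.12 - - [01/Jan/2024:10:00:12 +0000] "GET /db/page?OpenPage&ref=readviewentries.htm HTTP/1.1" 200 900
192.0.2.13 - - [01/Jan/2024:10:00:20 +0000] "GET /db/other?READVIEWENTRIES HTTP/1.1" 404 0
"""

# client, request URL and status code from one Common Log Format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})')

def is_readviewentries(url):
    """True when the URL command (first token after '?') is ReadViewEntries."""
    _, _, query = url.partition("?")
    # Normalise before comparing: decode percent-escapes and ignore case,
    # so the check does not depend on how the client spelled the command.
    command = unquote(query.split("&", 1)[0])
    return command.lower() == "readviewentries"

def audit(log_text):
    """Return (client, url, status, verdict) for every ReadViewEntries request."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line we can parse
        client, url, status = m.group(1), m.group(2), int(m.group(3))
        if not is_readviewentries(url):
            continue
        if 300 <= status < 400:
            verdict = "redirected"   # the redirect rule caught the request
        elif status == 200:
            verdict = "EXPOSED"      # view entries were returned to the client
        else:
            verdict = "other"        # e.g. 404; nothing served, nothing redirected
        findings.append((client, url, status, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding, sep="\t")
```

Any line reported as EXPOSED identifies a view for which the redirect is missing or not matching.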
