On Mon, 5 Jul 1999, Aleph One wrote:

> http://www.l0pht.com/advisories/domino3.txt
>
> It seems nine months after L0pht posted their advisory on file view
> problems in Lotus Notes, the problem is alive and well.

The issues concerning incorrect Notes ACLs and using www.server.com/database.nsf?Open to access databases anonymously when ACLs are incorrect were first raised in an earlier L0pht Advisory:

http://www.l0pht.com/advisories/domino2.txt

This advisory from 1/98 goes into better detail than the domino3.txt advisory about the improper ACL problem giving anonymous users access to Notes databases.

Improper ACLs have been a staple of Notes web deployments since we wrote our first Notes advisory back in 1996! No matter how many advisories are written the problem doesn't seem to go away.

I haven't had a chance to look at Notes R5 yet but I hope Lotus has taken some of our earlier suggestions. One was improving the default ACLs and their inheritance from templates. Another was simplifying the UI for checking that all the databases on a server have the proper ACLs restricting anonymous access. These improvements will go a long way towards solving this problem.

-weld