Re: Lotus Notes Local Replicated Database Problem

From: bram@E-WARENESS.BE
Date: Wed Jan 26 2000 - 00:40:58 PST

Next message: Mudge: "Re: S/Key & OPIE Database Vulnerability"

Previous message: Steve VanDevender: "Re: S/Key & OPIE Database Vulnerability"
Maybe in reply to: Matt Storey: "Lotus Notes Local Replicated Database Problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>In Lotus Notes it brings up a password dialog box as usual, but by
accident i
>pressed esc, on it....  Now this came up saying it was wrong and try
again.
>well i pressed esc again and it brought up an error stating that
Lotus Notes
>had, had an internal error.  and to my surprise it allowed me to view
my email
>without the use of a password.  But, every now and then it brings up
the
>password dialog box, but each and everytime you can just press Esc
until an
>error occurs again and you can view it again, this can take up to 5 -
6 Esc
>pressing sequences.

You are accessing your maildatabase locally (you just replicated it).
Notes does not need a password to open a database locally, and the
philosophy behind it is very simple: if you can view the contents of
that specific database -which is just a file- with a text/hex editor,
why bother to require a password?  If a password would be required,
the user felt he would be safe without actually being safe.

How can this be changed?

In the Access Control List for the database, click on Advanced and
select 'Enforce Consistent ACL'... This means that a password is
required for opening it... But remember: it's still a local file, and
this kind of 'security' can easily be circumvented.
Better yet: go to the Database Properties of the local copy of your
maildatabase, and click on 'Encryption'. There you can choose to
encrypt the database locally for your User ID. This way, the database
will only be accessible by you, if you have your userID and your
password... Lose your user.id file, and the contents of your
maildatabase are lost.  Most of the time your notes admins have safely
stored backups of ID-files, but you wouldn't be the first to delete
your idfile, to find out that there is no backup left.

>Like I say it might be a known problem, but i have copied Lotus on
it, and am
>awaiting there reply.

This is how the software works. This is not a problem.

Ask your Notes support people on how to encrypt local databases -
which should be done if you have a laptop. Notes/Domino has one of the
best security systems/philosopies I have seen yet. It takes however
some knowledge to set it up properly on the serverside, and just a
littlebit training for the end user.

Bram
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>

iQA/AwUBOI6kuzMB44xYPakpEQKtEwCgjbNcT0dbkud5bEDJG4HQll6mGdgAn0rf
tcrBg4Udkd40GCrtd70eDv41
=2+Mi
-----END PGP SIGNATURE-----

Next message: Mudge: "Re: S/Key & OPIE Database Vulnerability"
Previous message: Steve VanDevender: "Re: S/Key & OPIE Database Vulnerability"
Maybe in reply to: Matt Storey: "Lotus Notes Local Replicated Database Problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:31:31 PDT