Re: Domino
>Does anyone have knowledge about the strength of security implemented by
>Lotus Notes 4 and Domino? Suppose that we are storing two kinds of
>information on one Notes server - one type is suitable for general public
>access through the internet, and the other is for internal use only. Is
>Lotus Notes/Domino's security strong enough that knowledgeable and
>malicious people outside of our organization are prevented from accessing
>our internal information?
If your server is properly configured, you can protect yourself. Here's how it
works:

Every Notes database has an ACL, which lists the users (or groups) who are
allowed what access to the database. If the database is world readable, it can
be read by all Notes clients and Web Browser clients. If anyone were to be so
foolish as to make a database world writeable, it can be updated by all Notes
clients and Web Browser clients.

If the ACL restricts use, then only authenticated users can access it. Notes
clients authenticate using their RSA private keys and public key certificates.
This is very secure. Web Browser clients authenticate using a password that is
sent in the clear and verified using a hashed value stored in the server's Name
and Address book. This is not very secure for all the usual reasons. Only users
who have a hashed password stored on the server can so authenticate.

If you wanted to make a database accessible only to Notes clients, you would
set the ACL to not include any users who have hashed passwords stored on the
server. Because this is a common desire and administratively cumbersome to
assure, in the next release of Notes (4.5), there will be a new field in the
ACL called "Maximum access from an Internet Browser". By setting that field to
"None", all access via a browser can be denied (or by making it "Reader",
access can be limited to reading the database).
>Other alternatives would be to store the
>external information on a separate HTTP server, or to have two Lotus
>Notes servers - one for public access and one for internal access, with
>the public machine outside the firewall.
This is a conservative approach and will protect against various kinds of
accidental misconfiguration. You might keep a replica of the public data on the
server inside the firewall and have Notes keep the two copies loosely
synchronized. This would also protect against denial of service to internal
users if the external machine were overwhelmed with requests.
--Charlie Kaufman
(charlie_kaufman@iris.com)
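
An added example, not part of the original message and not Lotus code: a small audit that models the check described above, listing which identities can reach a database from a browser and at what level, with and without the 4.5 "Maximum access from an Internet Browser" cap. The data layout, function names, ACL resolution order and sample users are assumptions made for illustration; this does not call any Notes API.

```python
from enum import IntEnum

class Access(IntEnum):          # Notes ACL levels, lowest to highest
    NO_ACCESS = 0
    DEPOSITOR = 1
    READER = 2
    AUTHOR = 3
    EDITOR = 4
    DESIGNER = 5
    MANAGER = 6

def acl_level(acl, user, groups):
    """Level granted to a named user (simplified model, an assumption):
    the user's own entry, else the best group entry, else -Default-."""
    if user in acl:
        return acl[user]
    via_groups = [acl[g] for g, members in groups.items()
                  if user in members and g in acl]
    return max(via_groups) if via_groups else acl.get("-Default-", Access.NO_ACCESS)

def browser_exposure(acl, groups, web_users, max_browser=Access.MANAGER):
    """Map each identity that can reach the database from a browser to its level.

    web_users:   names with a hashed password in the Name and Address Book.
    max_browser: the 4.5 "Maximum access from an Internet Browser" field;
                 the MANAGER default models a server with no cap.
    """
    # Unauthenticated browsers get whatever the default entry allows.
    reach = {"(unauthenticated)": acl.get("-Default-", Access.NO_ACCESS)}
    for user in sorted(web_users):
        reach[user] = acl_level(acl, user, groups)
    capped = {who: min(level, max_browser) for who, level in reach.items()}
    return {who: level for who, level in capped.items() if level > Access.NO_ACCESS}

# Constructed sample data (hypothetical users, groups and ACLs).
GROUPS = {"Staff": {"alice", "bob"}}
WEB_USERS = {"bob"}             # bob also has a browser password
PUBLIC_ACL = {"-Default-": Access.READER, "Staff": Access.EDITOR}
INTERNAL_ACL = {"-Default-": Access.NO_ACCESS, "Staff": Access.EDITOR}

if __name__ == "__main__":
    for name, acl in (("public", PUBLIC_ACL), ("internal", INTERNAL_ACL)):
        for cap in (Access.MANAGER, Access.READER, Access.NO_ACCESS):
            found = browser_exposure(acl, GROUPS, WEB_USERS, cap)
            print(name, cap.name, {w: lvl.name for w, lvl in found.items()})
```

With no cap, the internal database is still reachable at Editor level through bob's cleartext password because he is a member of Staff; this is the case that is hard to rule out by inspecting ACL entries alone.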