Lotus Notes & Domino
Home Up Lotus Notes & Domino Domino Lotus Notes 6 Domino Lotus Notes 7

 

Home Next

Up
LotusScript Logical Operators
The Replication Gremlin

ourmission
theweb.gif (1103 bytes)
booksandbibles16
thenewsroom
governmentrm.gif (1147 bytes)
searchpage
tutorials
webtools
websecurity

What is the Web?

Privacy & Disclaimer
copyrights
notices
HOME

Visitors Since
Aug - 2004
Hit Counter

 

New Domino V6

There have been many visits, so now I am going to add Domino Lotus Notes 6 to my site.

Full Text Search's 5000

I was writing some VB code, and I created a program to go into a view of a database and pull the documents out into both an Access database, and a summary text report.

Well, it turns out, that even though I checked to see if the database was FULL TEXT INDEXED, there was a limit as to the number of documents it would return. And thus, the story of the Full Text 5000.

Replication & Such

There are many things that affect a Notes database when real-time document entry is anticipated. The big thing that we lookout for is errors either editorially, graphically, or phonetically.

To help catch these and other errors before publishing to the world, we tend to add a review cycle using Notes' agents. The timeliness of the review and authorization cycle is greatly affected by the great Notes gremlin called Replication.

When we are in an organization that only has a single Notes server, the timeliness appears to be immediate. However, as multiple servers and global locations enter into the picture, the Replication gremlin begins to take on a magnificent life of its own.

bulletLotus Links & Info
bulletDomino Links & Info
bulletLotus's Notes.Net site
bulletTop downloads for all Notes products
bulletAlternet Support Site
bulletLotus Sites To See
bulletTips & Tricks

 

 

Lotus Notes & Domino
Table
bulletLotus Links & Info
bulletDomino Links & Info
bulletLotus's Notes.Net site
bulletTop downloads for all Notes products
bulletAlternet Support Site
bulletLotus Sites To See
bulletTips & Tricks

 

Lotus Links & Info

Lotus

bulletMain Page
bulletProduct Downloads (FTP & Top 10)
bulletDomino 4.6 Info
bulletService & Support Center
bulletFrank Cseh's Domino pages

 

Lotus Sites To See

bulletThe European Lotus Notes Homepage maintained by Jorn Bijnsdorp.
bulletNotes Related Web Sites by Ken
bulletThe Lotus Notes Homepage of Siva Ramanathan
bulletSiva's Links

 

Domino Links & Info

Domino

bulletMain Page
bulletDownloads

 

Domino 4.6 Info

bulletBeta 4.6 download at Notes.Net
bulletBinaryTree Domino Knowledge Base

 

Tips & Tricks

bullet

Disabling the ?Open command

bullet

You CAN hide directories

bullet

Security Problem - Editing a Domino Document

bulletDisabling the ?Open command
Add an undocumented field (Keyword field) "HTTP_DatabaseBrowsing" in the HTTP Server section(Subform) in the server document. Set it to Yes | 1 (to allow) and No | 0 to disallow.I believe this feature is present in Version 4.5.
bulletYou CAN hide directories, dir links and single files.
Just use ATTRIB +H to set the hidden bit. Since Notes 4 when opening the directories ALSO respects the hidden bit, and DOMINO does a LOCAL open, you can effectively hide whatever you want.
bulletSecurity Problem - Editing a Domino Document - Credits : Weld Pond & Ned Batchelder

Scenario:
Lotus Domino is a web interface which allows users to access Lotus Notes databases via HTTP. Many Domino sites on the Internet have incorrect permissions granted to anonymous or registered users. Some Domino web sites have relied on the design of their web pages to keep users from accessing the commands to edit and delete documents. This can be bypassed by editing the URL for the Domino web site. Once an edit form is obtained, it is possible to enter data under the identity of another user. Server side scripting associated with that document will be executed.

Details:
A Domino URL is broken into several parts. The IP address, the database path, an unknown ID (in hex), a document ID (in hex) and then the command. In the example below the command is OpenDocument http://199.99.99.99/database.nsf/e1466a8590/6048076233?OpenDocument

(The hex strings have been shortened in this example. They are actually 32 chars each.)
A Domino page for displaying a document may have hyperlinks that link to commands to edit or delete the document. We have found many web sites where these hyperlinks have been left out to keep users from editing the documents.

You can edit the URL in your browser to recreate the links that have been left out. If the permissions on the document are not configured properly to deny edit permission or deny delete permission then you will be able to edit or delete the document.

If the Domino site has permissions set to deny editing, you may still be presented with the edit form for the document. You will not be able to submit your edits however. Sometimes the edit form contains information not visible in the display version of the document. This is often the case since it is assumed that this page was inaccessible by not providing the edit link.

To edit the document in the example above, replace the OpenDocument command at the end of the URL with EditDocument. To delete a document replace it with DeleteDocument.

Examples:

http://199.99.99.99/database.nsf/e146fa8590/6148076233?EditDocument
http://199.99.99.99/database.nsf/e146fa8590/6148076233?DeleteDocument

 
Last Modified: Saturday, 20. August 2005 12:29 PM -0400
Last Edit: Friday, 18. June 2004

Home Up Next
LotusScript Logical Operators ] The Replication Gremlin ]
eMail

Disclaimer: We do not hold any responsibility or creative control over the contents of the web  sites and documents referenced by our links. They solely express the opinions of their respective authors and not Ugenie PCS. Items and information are provided as links because they appear to have relevant content to topics presented on our web site(s).  Ugenie PCS does not continually verify the truthfulness or locations of their contents.  Ugenie PCS does not endorse, recommend, or guarantee any particular software.
Software and other items on these pages are provided as a service only and maybe copyrighted by their respective owners. Requests for additions to, or removal from, this or other pages should be sent to Content Management@CezWright.com.
Additionally
 

 

Hit Counter