• Using views and domino URL commands

    By Alexander S Ignatovich 2 decades ago

    Everyone can view and edit your personal account data using link "…mPortal45.nsf/Users?OpenView"

    Also everyone can delete your site logo using link "…mPortal45.nsf/Site%20Configuration?OpenView" and clicking the "Double click here to open config document." link in opened page. And so on. You can retrieve practically all information from the database using ?OpenView, ?OpenDocument, ?Editdocument URI commands. Try to use "hide from …" checkboxes in "Design Documents" box and create "$$View template for …" forms. See mail design and designer help database for more information.



    Furthermore, try to remove unnecessary views from your database: you are using, for example

    Set view = currdb.GetView("Site Configuration")

    Set ConfigDoc = view.GetFirstDocument

    Try to use

    set dbColl = db.Search({SELECT Form="Configuration" & !@IsAvailable($Conflict)}, Nothing, 1) 'we need only the first document, so the last param = 1, otherwise let it be 0.

    set ConfigDoc = dbColl.getFirstDocument()

    everyone where possible. Large amount of views makes your database large and slow even your base contains few amount of documents.



    Sincerely, and sorry for bad english.

    • Ahh, good catch

      By mike mcpoyle 2 decades ago

      Thanks! Yeah, I've been sort of lax on the security aspect. I have a new release that allows option anonymous/IP-based customizations, so I'll put those updates into that release. Thanks again for the feedback.

      • moreover: "Users" view

        By Alexander S Ignatovich 2 decades ago

        links for this view are somethink like "…mPortal45.nsf/Users/Clifton%20Dorsey?EditDocument". If I delete "&Login" I'll be able to edit Clifton Dorsey profile document.

    • By mike mcpoyle 2 decades ago

      I finally had some time to look into these, but I think there might be a misunderstanding.



      I double-checked, and I'm using authors fields on the Site Configuration, so web users can't edit the doc unless they login and have the [Configuration] role applied in the ACL. This would prohibit people from changing a logo, etc. They would be able to read the config doc, but they'll need that ability unless I do some run-as stuff via agents, and I'd rather not do that.



      I could use the 'Hide From web' on some of the forms, but really, there's nothing secret in them, and if users want to browse the db with url commands, I'm Ok with that. The only downside is they could browse the individual configuration documents since this new release has an optional IP–based customization scheme. Still, if someone downloads this and that concerns them, then they should change the security not force a login to customize. It's a trade-off really…they can either get good security or ease of use, not both…unless you're in a single-sign on environment, then I'd say you could get both:)



      Your idea about using a collection to get the Site Configuration document is not ideal. Building the collection via query and running a getfirstdocument is actually slower than the getdocumentbykey method when you're only trying to get one document. I could further speed this up by using profile documents, which I might do since there's only one Site Config document allowed per database.



      Thanks for the ideas though, and please keep the coming. You're forcing me to think about some stuff that I hadn't paid much attention to before.