• Maximum Internet Access

    By Oliver Busse 1 decade ago

    Is it really a good way to set the Maximum Internet Access to Manager on all databases that I want to control via this tool? Is there no other way to modify the ACL from the app? I agree to set the Maximum Internet Access for this app but not for other applications - and I don't think admins will agree to that as well.

    • By Shamsh Mr Khan 1 decade ago

      Hi Oliver,

      I completely agree with you, that definitely we'll have to compromise with security by setting Maximum Internet Access to Manager. This will be applicable in case the Web user is not being authenticated using SSL Client certificates, then we'll have to compromise to access the databases as Manager in order to modify the ACL from Web, whereas in other case there are some exception we can consider as below:

      “If the Web user is being authenticated using SSL Client certificates, then the “Maximum Internet name & password access” field does NOT apply to them. These users have the full access granted to them in the ACL. In other words, if the access list says that they have “Manager” access, they truly have Manager access to the database and not the access specified in the “Maximum Internet name & password access” field.

      So, in this case hopefully we can very well use this tool without making any changes in Maximum Internet Access setting for the databases.

      Here are some reference url's for the comments mentioned above:
      1. http://searchdomino.techtarget.com/tip/Max-Internet-Access-Restriction-Does-Not-Apply-To-SSL-Users
      2. http://www-01.ibm.com/support/knowledgecenter/SSKTMJ_8.5.3/com.ibm.help.domino.admin85.doc/H_INTERNET_USERS_AND_DATABASE_ACCESS_OVERVIEW.html
      3. http://www-12.lotus.com/ldd/doc/domino_notes/Rnext/help6_admin.nsf/f4b82fbb75e942a6852566ac0037f284/000041ed5a8bcda585256c1d00399449?OpenDocument


      I am yet to test the changes due to a little busy schedule, but I don't want others to stop if they can manage the settings above.


      I will be more than happy to know if works well.


      Thanks
      Shamsh

      • By Oliver Busse 1 decade ago

        Hi Shamsh,

        thank you for the detailed answer. The bottom line then is: it is best practise to use SSL when using your application - I think this is anyway the best way to use a web application.

        • By Shamsh Mr Khan 1 decade ago

          Thanks Oliver…

          I will explore more on this point to if there's some alternative solution and update my tool accordingly.

          Thanks,
          Shamsh