Tuesday, August 08, 2006

Address Book on server? Nah, not for l33t D0m1n0 developerz!

I have found a rather old but still interesting article in The View written by Page Nix. The article shows how Domino applications can have their own "Address Book" for validating user logins. The main use case is web databases where the person responsible for the database wants to add new users quickly and it is not possible to add them to the server's (secondary) Address Book. The responsible person can simply create a new user directly in the database. A LotusScript agent verifies whether the login credentials provided by the user match the credentials saved in the user document, and if they match, the agent sets a cookie containing a "session id" in the user's browser.
So far I could not find any obvious security risks with this approach. Groups and ACL Roles will not work without additional programming, but in many cases they are not needed.

Demo application is included in the article.
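
The flow described above (check the submitted credentials against the user record, then hand the browser a session id in a cookie), as an added Python sketch that is not the article's LotusScript agent or its demo database. The in-memory stores, the cookie name `SessionID`, the lifetime and the PBKDF2 parameters are assumptions; the sketch shows the properties to check for in such a scheme: salted password hashes, constant-time comparison, unguessable session ids and server-side expiry.

```python
import hashlib, hmac, secrets, time

SESSION_TTL = 1800   # seconds; assumed lifetime
USERS = {}           # username -> (salt, hash); stands in for user documents
SESSIONS = {}        # session id -> (username, expiry); kept server-side

def _hash(password, salt):
    # Slow salted hash, so a copied database does not expose passwords
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

# Used for unknown usernames so they cost the same work as known ones
_DUMMY = (b"\0" * 16, _hash("", b"\0" * 16))

def create_user(username, password):
    salt = secrets.token_bytes(16)
    USERS[username] = (salt, _hash(password, salt))

def login(username, password):
    """Return a Set-Cookie header value on success, None on failure."""
    salt, stored = USERS.get(username, _DUMMY)
    matches = hmac.compare_digest(_hash(password, salt), stored)
    if not matches or username not in USERS:
        return None
    sid = secrets.token_urlsafe(32)   # random, carries no user data
    SESSIONS[sid] = (username, time.time() + SESSION_TTL)
    return f"SessionID={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"

def user_for_cookie(cookie_header, now=None):
    """Map a request's Cookie header to a username, or None."""
    now = time.time() if now is None else now
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name != "SessionID":
            continue
        user, expires = SESSIONS.get(value, (None, 0))
        if user is not None and now < expires:
            return user
        SESSIONS.pop(value, None)     # drop expired or unknown ids
    return None

if __name__ == "__main__":
    create_user("alice", "correct horse")         # constructed sample user
    header = login("alice", "correct horse")
    print(header)
    print(user_for_cookie(header.split(";")[0]))  # alice
```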

3 comments:

Anonymous said...

Nice blog. I hope the article was useful to you. I still use the technique occasionally for quick and cheap website security.

Good luck,
Page Nix

Alex said...

I often work with the address book in my OE. Yesterday I opened it and added some new contacts. But today I couldn't find any of my data in it. Luckily I found this software on the Internet - outlook express repair address. I was very surprised when the tool solved my problem in a minute and I didn't spend any money. It was great and quite rapid.

Fernando said...

Hello Andrei, is there any chance to get the demo database?
The View site doesn't exist anymore