Tuesday, August 08, 2006

Address Book on server? Nah, not for l33t D0m1n0 developerz!

I have found a rather old but still interesting article in The View written by Page Nix. The article shows how Domino applications can have their own "Address Book" for validating user logins. The main use case is web databases where the person responsible for the database wants to add new users quickly and cannot add them to the server's (secondary) Address Book. The responsible person can simply create a new user directly in the database. A LotusScript agent verifies whether the login credentials provided by the user match the credentials saved in the user document, and if they match, the agent sets a cookie containing a "session id" in the user's browser.
So far I could not find any obvious security risks with this approach. Groups and ACL Roles will not work without additional programming, but in many cases it's not needed.

Demo application is included in the article.
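
The login flow described above, as an added sketch that is not taken from Page Nix's article or its demo database. It is written in Python rather than LotusScript so it can be run anywhere; the in-memory dictionaries stand in for the user documents and a session view, and the cookie name `SessionID`, the field names and the 30-minute lifetime are assumptions. It shows the checks worth verifying in such a design: salted password hashes instead of stored passwords, constant-time comparison, an unguessable session id, and server-side expiry.

```python
import hashlib, hmac, secrets, time

USERS = {}          # constructed stand-in for the per-database user documents
SESSIONS = {}       # session id -> (username, expiry time)
SESSION_TTL = 1800  # assumed session lifetime in seconds

def _hash(password, salt):
    # Slow, salted hash so a copied database does not reveal passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def create_user(username, password):
    salt = secrets.token_bytes(16)
    USERS[username.lower()] = {"salt": salt, "hash": _hash(password, salt)}

def login(username, password, now=None):
    """Return a Set-Cookie header value on success, None on failure."""
    now = time.time() if now is None else now
    doc = USERS.get(username.lower())
    # Hash even for unknown names so timing does not reveal which users exist.
    candidate = _hash(password, doc["salt"] if doc else b"\x00" * 16)
    if doc is None or not hmac.compare_digest(candidate, doc["hash"]):
        return None
    sid = secrets.token_urlsafe(32)  # random, not derived from user data
    SESSIONS[sid] = (username.lower(), now + SESSION_TTL)
    return f"SessionID={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"

def user_for_cookie(cookie_header, now=None):
    """Map a request's Cookie header back to a user, or None."""
    now = time.time() if now is None else now
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == "SessionID":
            entry = SESSIONS.get(value)
            if entry and entry[1] > now:
                return entry[0]
            SESSIONS.pop(value, None)  # drop expired or unknown ids
    return None
```

Every agent or form that serves protected content has to call the equivalent of `user_for_cookie` itself, because the server's own ACL never sees these users.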

2 comments:

Anonymous said...

Nice blog. I hope the article was useful to you. I still use the technique occasionally for quick and cheap website security.

Good luck,
Page Nix

Fernando said...

Hello Andrei, is there any chance to get the demo database?
The View site doesn't exist anymore.