Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.
For more information and upcoming events around #dominoforever, please visit our Destination Domino Page
Setting not to display the Access Control List settings
Notes users who don't have administrator privileges cannot change ACLs of Database but can view the settings of Access Control List.
We do not want to show the group names, server names, user name etc. displayed in the Access Control List to them...
users locked out due to wrong password or wrong password strikes have their own Statistics in Domino, so later they can be monitored.
Another idea on Domino.ideas.aha.io is to log per protocol strikes and locks.
If we can create new statistics this would help to monitor security with DDM or external solution
Security.POP3.Strikes.Total = 30
Create a rule for the Domino web server so that "If (IP address IS NOT 10.1.1.*) AND (User IS John Smith) THEN PROHIBIT ACCESS". Presently, it is only possible by restricting the IP address (by configuring a blacklist on the server) and user restr...
Password Security / Policy for Internet MUST track history for specified reuse
This capability is missing on the Internet side. Password policies everywhere now require that you cannot reuse past passwords for at least 'x' iterations. Security/Auditors/Risk people are demanding that we write something to ensure that browser ...
Able to retain the content entered in any XPage whenever any error occurs on Save or Submit.
Below error appears when we upload a file that exceeds the size limit on the server side, the following error will be displayed. Issue can be reproduced using File Upload control option in any X-page. ---------------------------------------- Http ...
Http task should Identify the user status active/blocked before proceed for password authentication
Currently http behavior are like this : In case you blocked (added in deny group) the user in domino server and and HTTP task is configured to obey this setting, (in server document - ports internet ports web- Enforce server access settings: Yes) ...
Samesite attributes to be strict or lax for the sessionID this is usually found on the application that uses XPAGES.
After following the article below, only DomAuthSessId can only be setup to strict or lax. The samesite attributes of the sessionID have no value. https://help.hcltechsw.com/domino/12.0.0/admin/conf_samesite_cookie.html