HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

ADD A NEW IDEA

FILTER BY CATEGORY

Security

Showing 266

SAN support for Certificates issued via Domino CA

While it's very nice to see that 11.0.1 now at last implements support for SAN certificates in the ca process at all, I'd very much like to see it not only for certificates in person documents but also for certificates requested via certreq.nsf, b...
over 3 years ago in Domino / Security 1 Assessment

Bypass applications from authentication and allow them to connect to Domino SMTP server and relay email when Anonymous is set to No for Mail SMTP Inbound in the SMTP

Customer has Anonymous connection set to "No" for Mail SMTP Inbound in the SMTP server document -> Ports -> Internet Ports -> Mail. If Anonymous is kept Yes and application IP added to Exclude these connecting hosts from anti-relay check...
over 4 years ago in Domino / Security 0 No Plans to Implement

Give the option to store auth cookies in session storage instead

use this method as an option and that we can select the order this is watched. i.e. check cookie first and session storage second or the other way around
over 4 years ago in Domino / Security 1 Under Consideration

Disabling wink to be used as a potential attack vector

Seeing more and more attempts to use Wink as an attack vector (see example below). Looking into possibility to disable wink so that it wont cause any potential security risk. 03/17/2022 10:04:27 AM HTTP JVM: 1399490 [Thread-11] INFO org.apache.win...
about 1 year ago in Domino / Security 2 Already Exists

Domino to have permissions policy header

There are customers who are experiencing permissions-policy vulnerability. This is the former "Feature Policy" with new specs. Can domino have the same to mitigate vulnerabilities related to it?
over 1 year ago in Domino / Security 3 Needs Clarification

List of Internet Users that are being expired.

A Database that will list all the internet users that are being expired or near to expire. This is to help Administrator to track down who are the users that they need to reset. Features: 1. List all the internet users. 2. Button that can easil...
about 5 years ago in Domino / Security 1 Needs Clarification

Rate limiting protections for Domino

An authentication endpoint without rate limiting protections can be susceptible to innumerable amounts of credential stuffing and eventual guessing of set of credentials used for authentication. API endpoints can also be used to attack further inf...
over 1 year ago in Domino / Security 1 Needs Clarification

Block unencrypted mail to specific domain

Need to block unencrypted email being sent to one specific domain.
over 2 years ago in Domino / Security 1 Needs Clarification

Single sign-on for web access with Notes authentication

When creating a hybrid application that uses a Notes client and Web access, single sign-on is required. Currently, there is no way to pass the token with @urlopen or NotesHTTPRequest. I need a way to get the LtpaToken cookie using the Notes cl...
over 2 years ago in Domino / Security 3 Needs Clarification

Specify TLS/SSL version used by certain port or protocol.

Some application only uses certain version of TLS/SSL. Due to vulnerabilities we don't want this TLS/SSL version to be available to all ports/protocol. We want an ability to specify which versions of TLS/SSL a port or protocol can and cannot use.
over 2 years ago in Domino / Security 2 No Plans to Implement
Copyright © 2023 HCL Technologies Limited