Skip to Main Content
HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

ADD A NEW IDEA

Security

Showing 283

Disabling wink to be used as a potential attack vector

Seeing more and more attempts to use Wink as an attack vector (see example below). Looking into possibility to disable wink so that it wont cause any potential security risk. 03/17/2022 10:04:27 AM HTTP JVM: 1399490 [Thread-11] INFO org.apache.win...
almost 2 years ago in Domino / Security 2 Already Exists

Domino to have permissions policy header

There are customers who are experiencing permissions-policy vulnerability. This is the former "Feature Policy" with new specs. Can domino have the same to mitigate vulnerabilities related to it?
almost 2 years ago in Domino / Security 3 Needs Clarification

Rate limiting protections for Domino

An authentication endpoint without rate limiting protections can be susceptible to innumerable amounts of credential stuffing and eventual guessing of set of credentials used for authentication. API endpoints can also be used to attack further inf...
almost 2 years ago in Domino / Security 1 Needs Clarification

User defined keystore for Domino

Currently, the Notes/Domino v9.x (same with newer versions) can only use the default JAVA trust keystore under Domino application server. The JAVA update overwrites this default keystore. Please add the option to set a custom,user defined keystore...
almost 2 years ago in Domino / Security 2 Needs Review

Control over the setting "don't let administrator set Domino web/internet password to match Notes password" via Domino policy.

Administrator should have control over the setting "don't let administrator set Domino web/internet password to match Notes password" via Domino policy.
about 2 years ago in Domino / Security 1 No Plans to Implement

Disabling local processes or external processes using the Domino Server

A way to disable executing local processes and commands on Domino using powershell, cmd, etc
about 2 years ago in Domino / Security 0 Planning to Implement

Prompt for user content before configuring notes client.

This is to control & monitor user and admin activity in terms of account access. ( just want user consent before configuring notes client on behalf of the user.). Basically, customer have MFA for notes, but none for lotus notes client security...
about 2 years ago in Domino / Security 1 No Plans to Implement

Option to select whether the LTPAToken should be completely removed/or usable when session has been completely ended.

When enabling Session authentication across servers, the token issued by a server can still be used even after the session has been completely ended on the server and on the browser. If a user issues a request to the server using the same token, y...
about 2 years ago in Domino / Security 1 Under Consideration

Tool to remove the internet certificate from the server ID

The "Delete from ID file" action from the User Security (in Notes) or ID Properties (in Admin client > Configuration tab) is greyed out when trying to remove an internet certificate from the server ID. We would like to request a tool that will ...
over 2 years ago in Domino / Security 0 Under Consideration

Restrict users from viewing person and server configurations in Domino Directory

Currently all users (with reader access) are able to access Person document > Basics/ Work/ Other/ Misc/ Certificates/ Roaming/ Administration tab. Can we restrict the users to only access to Basics tab for security best practice?By right, user...
over 2 years ago in Domino / Security 1 Under Consideration