HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

ADD A NEW IDEA

Security

Showing 309

Directory ACL for HTTP access

If you have Domino server used with internet site for many clients, a requirement is configure specific folder and subfolder for every customer access. In Apache HTTP, NGINX you have this possibiliy.. in Domino, the only way is manage the security...
about 2 years ago in Domino / Security 1 Under Consideration

Block users that dont have a smartcard enabled ID-file

Today it is possible for users to smartcard enable their own ID-file and then use the smartcard to login to the Notes environment. Make it possible to block users that dont have a smartcard-enabled ID. Or in some way force users that they must use...
about 3 years ago in Domino / Security 0 Under Consideration

NSF_ENABLE_LARGE_ACL should also apply for roles and role name length

As of Domino V12, NSF_ENABLE_LARGE_ACL was introduced. The setting increases the number of individual entries in the ACL of an application. Unfortunately this does not apply to the number of role entries, which is still limited to 75. Pls. increas...
about 4 years ago in Domino / Security 0 Under Consideration

Missing Secure Attribute in Encrypted Session (SSL) Cookie.

Hi Team, Regarding case no : CS0038809 - Require SSL protected communication HTTPS for single server session cookie As suggested by Melnicl(HCL PMR Team) we need to enable http only : false option in DOMRELAYSTATE cookies. we require this option t...
over 5 years ago in Domino / Security 5 No Plans to Implement

New command to show the number of failed login attempts since last successful web login

Please add the possibility, to let the developer show the amount of login failures since the last successful web login to the the user. As this behaviour is well known in the web, it would improve security and transparence, if the user knows when ...
over 6 years ago in Domino / Security 0 Under Consideration

Warn users when they are sending a message to a global group

Staff are currently warned if they click on Send on a message that has no subject line. It would be useful to warn people when they have selected an extremely large group to send an email to.
over 6 years ago in Domino / Security 3 Assessment

Allow users to self-manage their Passkeys in the Passkey database

In Domino 14, the Passkeys database maintains user specific records for every Authenticator that the user has ever used on that system, in order to create a passkey. Over time, the number of these records will likely grow to include records for...
about 2 months ago in Domino / Security 0 Needs Review

Automatically add "secure" flag to all cookies, when https is used

When a Domino server serves http requests through encrypted https, it should automatically add the " secure " flag to all cookies. There should be a global flag to enable/disable this feature. (default: enabled) In reality, most Domino servers wit...
over 1 year ago in Domino / Security 0 Needs Review

Force password change after next login checkbox

Please add a policy that forces the password to be changed at the next login. The policy should be immediately broadcast to all connected HCL Notes clients so that in case of a security problem, everyone is forced to use a new password. The settin...
over 1 year ago in Domino / Security 3 Under Consideration

Configure the Domino HTTP server to ignore "Authorization: Bearer" headers on Domino 12.0.2

This has always worked well in Domino 10, 11 and 12.0 but now HCL has implemented an option on the internet site to use a bearer token. The problem with this option is that you then need to configure an OIDC provider which is not well documentated...
almost 2 years ago in Domino / Security 3 Under Consideration
Copyright © 2023 HCL Technologies Limited