HCL Domino Ideas Portal
Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.
For more information and upcoming events around #dominoforever, please visit our Destination Domino Page
Thank you very much. I hope you can help me so that the database NSF can have the option to control COM components. Otherwise, the NSF applications and data we develop will be exposed to information security risks.
Hello:
1. Thank you for helping us suggest adding the option "Do not allow COM connection to Domino database" in the database.
2. Currently, programming languages that can connect to the Domino database through COM, such as: VBScript, C#, PowerShell, VB, VBA, Python, etc., can connect to the Domino database (.nsf) by calling COM, and perform operations on file data. For reading actions, if the user is a Domino user and knows the above language, he or she can perform these actions to read the database data. This will cause data security concerns.
3. Your company has previously responded to this issue, and the answers I received said that document data must be controlled by "Reader/Author" in order to effectively control the document from being read by irrelevant personnel. However, because we use Domino has been around for 25 years. The data in the developed application is used for document signing. The amount of data is large. The database ACL is the default "Author", and the data is controlled through "Form and View" are controlled through program code and have no effect on languages such as Python and VB, because they use COM to connect to Domino through the underlying layer. Moreover, if the data uses "Reader/Author" control, it will have a great impact on the system and database performance, resulting in slow data reading speed and frequent complaints from users.
4. Since Domino was changed from IBM to HCL, the program version has successively developed many functions to provide convenient services to designers and users. It is currently on the database
You can control whether the database can be opened on the WEB or through HCAA software, and for the DAS (Domino Assess Services) part, you can choose whether the database or VIEW opens the DAS (Domino Assess Service) function, and other options for open control (such as attachments ), there are currently no control options for the "COM Connection Database".
5. We hope that the original HCL can address this issue, and when the software is enhanced in the future, the option "Do not allow the use of COM to connect to the Domino database" can be added for database administrators to effectively manage data and achieve information security.
Can you please provide this comment in English?
您好:
1.感謝您幫我們建議資料庫增設「不允許使用COM方式連線Domino資料庫」選項議題。
2.目前可透過COM連結Domino資料庫之程式語言如:VBScript、C#、PowerShell、VB、VBA、Python等均可透過呼叫COM方式,進行連結Domino資料庫(.nsf),針對檔案資料進行讀取的動作,使用者若是Domino使用者,又孰悉上述語言,即可進行這些動作讀取資料庫資料,此舉將對資料造成資安疑慮。
3.先前針對此問題有反應貴公司,得到的答覆都說文件資料要使用「讀者(Reader)/作者(Author)」管制,才可有效管制文件被不相干的人員讀取,但因為我們使用Domino已有25年之久,所開發應用程式內資料都是用於文件傳簽程序,其資料量較大,資料庫ACL都是預設「作者(Author)」,資料的管制都是透過「套表(form)及視界(View)」透過程式碼進行管制,對Python、VB等語言,是沒有作用的,因為其是透過底層使用COM進行連接Domino。且若資料使用「讀者(Reader)/作者(Author)」管制,對系統及資料庫效能,都有極大的影響,造成資料讀取速度慢,使用者抱怨連連。
4.自從Domino改由IBM變更為HCL公司後,程式版本陸續開發許多功能,對設計者及使用者提供方便服務,目前在資料庫上
可針對資料庫是否可於WEB開啟、透過HCAA軟體開啟,並針對DAS(Domino Assess Services)部分,可選擇資料庫或VIEW是否開放DAS(Domino Assess Service)功能,等選項進行開放管制(如附件),目前並無針對「COM連線資料庫」提供管制選項。
5.期待原廠HCL能針對此議題,後續軟體增強時,能增設「不允許使用COM方式連線Domino資料庫」選項,供資料庫管理者運用,以便有效管理資料,達到資訊安全。