HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Add a new idea Subscribe
Status Under Consideration
Workspace Domino
Categories Administration
Created by Guest
Created on Oct 2, 2018

RELATED IDEAS

Give the ability to block the ?ReadViewEntries command at a server level

User cases :

User need to create document from the web under Anonymous access.
Data is "protected" by pairing document access with personal data only known by the user  + unique key delivered by email.

Using ?ReadViewEntries command allow to gain access to all documents in that case.

Customer do not want to ask to level security web access.

  • Attach files
  • Guest
    Reply
    |     Apr 12, 2023

    It should really be possible to disallow those URL commands!
    Also for the "undocumented" ?ReadDesign command!!


    There should be several tiers to disallow that commands:

    • serverwide per notes.ini variable

    • per setting in a web site document (virtual server)

    • per database property

    • per view property setting


    Mark Reiser
    sirius-net GmbH

  • Guest
    Reply
    |     Oct 3, 2018

    I would consider having the ability to block those default server requests a benefit to help secure applications without having to dig into each application and make changes.  The stated use case could be achieved with a bean.

Copyright © 2023 HCL Technologies Limited