Skip to Main Content
HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Status Under Consideration
Workspace Domino
Categories Integration
Created by Guest
Created on Sep 3, 2019

Domino Access Services Should Not Allow Anonymous Access By Default To Calendar and Freebusy

Currently when Domino Access Services has Calendar and Freebusy activated the information for a user can be accessed without authentication using a url to the information.

For example:

http://mytest.com/api/freebusy/busytime?format=icalendar&name=testuser@mytest.com

https://mytest.com/api/freebusy/sites/CN=idlmail04%4FOU=Server%2FO=MYTEST!!names.nsf

While no actual meeting information is available, just freebusy blocks, the same issue can occur when IMSO is installed as it also uses Domino Access Services for these services.

Domino Access Services is currently working as designed and the only way to prevent this access from occurring is to disable Anonymous authentication on the Server or Internet site document within Domino and just have Name and Password enabled, this however will cause issues for applications on the server that require anonymous authentication.
  • Attach files
  • Guest
    Reply
    |
    Sep 4, 2019

    There is an issue reported as SPR #JCHS7NWPT6. for a namelookup issue with the new namelookup model which has been introduced to optimize the way the namelookup cache is refreshed. 
    The new model allows more granular control of how the cache is refreshed. There is a known issue that especially affects larger Domino servers which causes the server to crash due to a leak.