[23045] in bugtraq
Re: Lotus Domino View ACL by-pass (#NISR29102001C)
daemon@ATHENA.MIT.EDU (Darren Davison)
Wed Oct 31 23:28:22 2001
Message-Id: <200110312330.f9VNUTG22377@bacall.edefl.demon.co.uk>
Content-Type: text/plain;
charset="iso-8859-1"
From: Darren Davison <dd@edefl.demon.co.uk>
To: "NGSSoftware Insight Security Research" <nisr@nextgenss.com>,
<bugtraq@securityfocus.com>
Date: Wed, 31 Oct 2001 23:30:29 +0000
In-Reply-To: <00f201c161b5$6eec9da0$7dd793c3@XU5UDGJMHXJ300>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
On Wednesday 31 October 2001 02:40, NGSSoftware Insight Security Research
wrote:
> A Lotus Notes database contains documents which are organized into views.
To be more correct, the database contains documents which *can* be organized
into views. That's not to be pedantic, but it's crucial in understanding the
relationship between the data and the design of the database.
> Access control lists can be applied to the database itself, views and
> documents. If a user has been denied access to a view, NISR have discovered
> that it is possible to by-pass the permissions set on that view and access
> the documents one would expect it to protect.
Views do not, nor are they intended to, protect the documents they 'contain';
they are merely a convenience. Hiding the view or restricting its access to
certain users is simply an extension of that convenience. Data (i.e.
documents) are correctly protected by Readers fields, document encryption or
field-level encryption.
From the online help of the Domino Designer client:
".. Users who are excluded from the access list will no longer see the view
or folder in the View menu. A view or folder read access list is not a true
security measure."
D
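As an added illustration of the point made above (example code, not part of the original post or of the NISR advisory), the following LotusScript agent puts a Readers field on every document in the current database. A Readers field is enforced by the server for every access path (any view, folder, full-text search, URL open by document ID, API call), which is what a view read access list does not do. The field name "DocReaders", the role "[ProjectReaders]" and the user name are made-up values for illustration; "LocalDomainServers" is the standard Domino server group and is included because a document whose Readers field excludes the replicating servers stops replicating.

```lotusscript
' Added example (not from the original post): apply a Readers field to all
' documents in the current database. Field, role and user names are assumptions.
Option Declare

Sub Initialize
	Dim session As New NotesSession
	Dim db As NotesDatabase
	Dim coll As NotesDocumentCollection
	Dim doc As NotesDocument
	Dim item As NotesItem
	Dim readers(2) As String

	Set db = session.CurrentDatabase
	Set coll = db.AllDocuments

	' Entries may be canonical user names, Domino Directory groups, or
	' database ACL roles written in square brackets.
	readers(0) = "[ProjectReaders]"         ' ACL role (assumed name)
	readers(1) = "LocalDomainServers"       ' servers must stay readers or the doc will not replicate
	readers(2) = "CN=Jane Doe/O=ExampleOrg" ' individual user (assumed name)

	Set doc = coll.GetFirstDocument
	Do Until doc Is Nothing
		' ReplaceItemValue creates or overwrites the field; setting IsReaders
		' makes it a Readers field, so the server refuses to return the
		' document to anyone not listed, whichever view or URL they use.
		Set item = doc.ReplaceItemValue("DocReaders", readers)
		item.IsReaders = True
		Call doc.Save(True, False)
		Set doc = coll.GetNextDocument(doc)
	Loop
End Sub
```

Two caveats a practitioner should keep in mind when doing this: a Readers field with no entries grants everyone read access, so never leave it empty; and anyone listed in an Authors field on the same document is implicitly a reader, while database Managers are not exempt from the restriction, so the list must include everyone who legitimately needs the document, including the servers that replicate it.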