
Prevent unauthorized document creation 

: Domino Designer
: Backend, Import, CreateDocument, Security
: Bill Hanson178 10 Dec 2008
Notes provides several security mechanisms to prevent unauthorized users from creating documents. First and foremost, we have the database ACL, which controls access at the file level. If all forms in the database have the same security requirements, then security is simple - just assign the ACL level and privileges for each user.

But what if we have several forms in a database that have different security requirements? Let's say that we have a database where some users can create and edit some documents, but only read other documents. Well, we have several ways to accomplish this. We can hide our forms from the "Create" menu then hide our "Compose" buttons from unauthorized users. We can limit who can create documents by setting the "Who can create documents with this form" form property. We can use AUTHORS and READERS fields to lock documents down tight. We can even prevent users from pasting documents into a view by using the ViewQueryPaste event. If you use all of these methods together, you can control who creates, edits, and reads any document in the database...almost!

Even with all of these security precautions in place, users can still import any document using "File - Import" or any other back-end data loader. Since the Import function is a back-end process, it bypasses all of our security precautions. Just because a user has CreateDocuments enabled in the database ACL does not mean that the user should be able to create any document type. I assume that is why Lotus provides roles, AUTHORS and READERS fields, the ability to hide forms from the "Create" menu and the "Who can create documents with this form" form property. Obviously, Lotus has put some effort into allowing this kind of application design, but they missed one very important thing...

We need a method to be able to validate any document created by any means.

Here are two ideas for accomplishing this:

Idea 1: Add database events for QueryDocumentCreate and PostDocumentCreate. This could function similarly to the existing QueryDocumentDelete and PostDocumentDelete, but would need to work for any documents that are created by any means including back-end processes like "File - Import", COM, C API, Web, Java, etc. In other words, a document should not be able to be created in the database without first being processed by QueryDocumentCreate.  An exception to this might be documents that are added via replication.

Idea 2: As a document is created in a database, if the document has a Form item, the form's "Who can create documents with this form" property should be checked and enforced. There should be a database property to enable or disable this validation so we can adjust our applications for performance vs security. The current "Allow use of stored forms in this database" database property could be used to indicate whether documents with no Form item should be allowed to be created (documents with no Form item could not be validated anyway).

1) Sjef Bosman2089 (10 Dec 2008)
See also
{ Link }
2) Starrow Pan4716 (11 Dec 2008)
If possible, events like QueryDelete, PostDelete for back-end operations are all useful. But I think Lotus doesn't implement these for the sake of performance.
3) Bill Hanson178 (11 Dec 2008)
>> "I think Lotus doesn't implement these for the sake of performance."

I agree, but I'll take security and functionality over performance every time. Computers are getting faster every year, so performance is only a temporary problem. Security holes are forever.
4) JP Liggett461 (15 Dec 2008)
One method is to have an agent create documents instead of users.
5) Sjef Bosman2089 (18 Dec 2008)
Meaning: nobody gets the rights to create a document?? That would render any application unusable.

Think of this scenario: a user exports a document with unique keys as structured text, modifies the text and imports the document. You don't need to be Einstein to create reader/author fields, increase your salary or add some favourable reports... True, the document and its history are visible, but try to find this needle in a large haystack. Nobody might even discover its presence. Unless there are some hooks that allow the application developer to control imports.

