Provide a way to disable 'readviewentries' for each view 
Use this IdeaSpace to post ideas about Domino Designer.

: 23
: 24
: 1
: Domino Designer
: view, readviewentries, security
: Theo Heselmans9557 26 Jul 2009
: / Email
If a (web) user knows or guesses the name of a view, he/she can read the complete content of the view as XML using ?readviewentries.
Directly opening a view can be easily prevented using e.g. $$ViewTemplateDefault.
I know you can use url redirection, but those are server-settings, usually not available to a the designer, and they are not specific enough.

1) Mark Demicoli10736 (13 Oct 2009)
In so far as preventing undesired access to view column data, you can hide the columns from web clients and (amazingly! [sarc] ) ?ReadViewEntries respects the column hide formula. If you hide all columns in a view from the web, the ?readViewEntries XML only shows universal ID, note ID and Siblings data. Which is not ideal, but much better than nothing.

So now I put @ClientType="Web" in all column formulas unless I specifically want certain view columns available for web rendering.

Luckily, hiding columns from the web does not break lookups in form fields.

2) Mark Demicoli10736 (13 Oct 2009)
Anyone who knows how to write DSAPI dlls (obviously I don't) might be able to knock up something quickly that would check if a user had a particular role (eg VIEWXML) and prevent the ?ReadViewEntries command for those that do not.

OpenNTF project anyone?
3) Manu Vermeyen45 (23 Mar 2011)
In v8, check for the database property (first tab) "don't allow URL open". Depending on the rest of your project, this might be of help. It solved our problem.


Welcome to IdeaJam

You can run IdeaJam™ in your company. It's easy to install, setup and customize. Your employees, partners and customers will immediately see results.

Use IdeaJam to:

  • Collect ideas from employees
  • Solicit feedback and suggestions from employees and customers
  • Run innovation contests and competitions
  • Validate concepts
  • Use the power of "crowd-sourcing" to rank ideas and allow the best ideas to rise to the top

IdeaJam™ works with:

  • IBM Connections
  • IBM Lotus Quickr
  • Blogs and Wikis
  • Websphere Portal
  • Microsoft Sharepoint
  • and other applications.

IdeaJam has an extensive set of widgets and API's that allow you to extend and integrate IdeaJam™ with other applications.

Learn more about IdeaJam >>

IdeaJam developed by

Elguji Software Logo