I took the survey over at A List Apart. You should too…
You could win a great prize. Of course, if you enter, you could win… So don’t enter. I want to win…
So, I did some investigation today as to whether an authenticated domino web user still has access to attachments in documents that they have no access to. The easy answer would be no, but from what I’ve found, it seems that yes, the user may still have access to it.
There is documentation on the IBM website that brings up the entire web client and attachment access, you can read it here: http://www-1.ibm.com/support/docview.wss?uid=swg21085155
It discusses the $v2AttachmentOption internal field that exists in Domino 4.6 an later.
I’ve followed their instructions, but found that as long as I had the exact URL of the attachment, I could still access the attachment, even though I didn’t have access to the document the attachment belongs to.
It turns out, that although it wasn't stated, $V2Attachment Option isn't a security measure, but simply one to hide the attachment on a web document.
With a Domino .nsf file, occasionally you need to move a database from one server to another, but how do you keep your links intact when the new server has a new URL?
[code]"https://" + @GetHTTPHeader("Host") + "/" + @ReplaceSubstring(@Subset(@DbName; -1); " " : ""; "+" : "/") + "/"[/code]
[code]Dim Session As NotesSession
Dim dbase As NotesDatabase
Dim path As String
Set Session=New NotesSession
path = "https://" & Strrightback(Strleftback(dbase.HttpURL, "/"), "/") & "/" & dbase.FilePath & "/"[/code]