Skip to main content

Domino Web Clients and Attachments

So, I did some investigation today as to whether an authenticated domino web user still has access to attachments in documents that they have no access to. The easy answer would be no, but from what I’ve found, it seems that yes, the user may still have access to it.

There is documentation on the IBM website that brings up the entire web client and attachment access, you can read it here: http://www-1.ibm.com/support/docview.wss?uid=swg21085155

It discusses the $v2AttachmentOption internal field that exists in Domino 4.6 an later.

I’ve followed their instructions, but found that as long as I had the exact URL of the attachment, I could still access the attachment, even though I didn’t have access to the document the attachment belongs to.

It turns out, that although it wasn't stated, $V2Attachment Option isn't a security measure, but simply one to hide the attachment on a web document.

Comments

Post a Comment

Popular posts from this blog

Fun Little Earthquake

It's 1:45pm EST in Ottawa, Ontario, Canada. We just had an earthquake.  Not strong enough to damage anything, but enough that I watched people run out of buildings. What a fun Wednesday.
24 comments
Read more

Error 217 - Error creating product object on Domino 64 bit

I'd like to share something with you.   An error that you'll get if you are trying to use ODBC with Domino 8.5.1 64bit. It starts out with an agent error of Error 217.  The text of the error is "Error creating product object" You can read about it here on the Notes/Domino forum . You can find the solution here as well . I guess I'm now waiting for Domino 8.5.2 for a solution for this.   It would have been nice to have had this in the release notes.  It would have help me greatly.
5 comments
Read more

Lotus Trading Cards

I was painting the house last night, and my mind got to wandering... Bruce Elgort mentioned on Twitter last night that he was thinking of a VC fund for Lotus projects. So my mind wandered about that, and turned to how we present ourselves. I got to thinking that business cards are so ... old school. I think we need Trading Cards. So, here are the first few I've come up with.
12 comments
Read more