ACL Security hole

I’m not sure, but I think there is a security problem with ACL. I have an ACL with some user names in it. Users have their IDs generated from a Domino server (the primary server). But if I install a separate server with the same organisation name as the primary one, I can generate IDs with the same names. So, if I access an NSF with an ACL from the primary server, using an ID from the separate server with a user name listed in the ACL, is it possible to read docs, change design, etc.? Suppose I have access to a Notes workstation with a replica of the primary server’s database.

Can I prevent this?

Subject: ACL Security hole

Authentication of the client with the server is based on the public key; for the 2 domains with the same name, the keys will be different.

Subject: ACL Security hole

If you were to create your own ID with the name Graham Richards/Markham/IBM and try to access a database on our server, it would check that the /Markham/IBM certificate that’s stored in your ID matches the one that the server knows.

In other words, it’s not just the text value of the name that’s being checked, it’s the certificate keys that belong to the Organization and Organization Units that created it. Only if they match would the ID be recognized.

Now, local databases are another matter. Unless they are encrypted by the user’s ID, they are not safe from attack. It’s very possible to open an unencrypted NSF file in a hex editor, find the ACL section, and put anything you like in there (i.e. change the default access to Manager).

That’s why it’s important that users be educated that local replicas of sensitive data should be encrypted to their ID.
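
The server-side check described in the reply above (the certifier's key must match, not only the text of the name), as an added example that is not part of the original thread and is not Domino code. It is a simplified model in which a certificate is a textbook-RSA signature over the user name; the toy key sizes, the function names and the look-alike certifier are assumptions made for illustration.

```python
import hashlib

E = 65537  # public exponent shared by both toy certifiers


def make_certifier(p, q):
    """Toy textbook-RSA key pair for an organisation certifier (not real Notes crypto)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"public": (n, E), "private": pow(E, -1, phi)}


def _digest(name, n):
    # Hash of the hierarchical name, reduced into the certifier's modulus.
    return int.from_bytes(hashlib.sha256(name.encode()).digest(), "big") % n


def issue_id(certifier, user_name):
    """Certifier signs the user name; the signature stands in for the certificate."""
    n, _ = certifier["public"]
    return {"name": user_name,
            "certificate": pow(_digest(user_name, n), certifier["private"], n)}


def server_accepts(trusted_public, acl, user_id):
    """Accept only if the certificate verifies under the certifier key the server
    already holds AND the name is listed in the ACL."""
    n, e = trusted_public
    cert_ok = pow(user_id["certificate"], e, n) == _digest(user_id["name"], n)
    return cert_ok and user_id["name"] in acl


# Constructed sample data: two certifiers that both call themselves /Markham/IBM.
NAME = "Graham Richards/Markham/IBM"
ACL = {NAME}
primary = make_certifier(2**61 - 1, 2**89 - 1)      # the real organisation
lookalike = make_certifier(2**107 - 1, 2**127 - 1)  # separate server, same org name
genuine_id = issue_id(primary, NAME)
lookalike_id = issue_id(lookalike, NAME)

if __name__ == "__main__":
    print("name-only match :", lookalike_id["name"] in ACL)
    print("genuine ID      :", server_accepts(primary["public"], ACL, genuine_id))
    print("look-alike ID   :", server_accepts(primary["public"], ACL, lookalike_id))
```

Both IDs carry the same name string, so an ACL lookup on the name alone cannot tell them apart; only the check against the certifier key the server already trusts separates them.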