Hi all,
is it possible to sign Notes Databases with a scheduled agent using a special Signing ID without user interaction?
Marcus
Subject: Automatically signing Notes Databases scheduled?
Just an FYI and since you mentioned Teamstudio in your post. Teamstudio has a solution that will automate build processes and has workflow capabilities. It also lets you integrate Teamstudio analyzer to check standards or code security issues. And finally and most importantly, it also has the ability to sign templates with another ID which is securely stored in the build database so there is no potential method for someone to get the ID and use it for malicious purposes.
Subject: Automatically signing Notes Databases scheduled?
Does anyone know about API calls to realize this ?
Subject: RE: Automatically signing Notes Databases scheduled?
You mean you really can’t scrounge up a crappy old out-of-date box that only needs a bare-bones OS install, the Notes client, the signer ID and a single agent in a single database to use the LS method?
Subject: RE: Automatically signing Notes Databases scheduled?
unfortunally it is not possible …maybe its possible to design a server addin task or something like that?
Subject: Automatically signing Notes Databases scheduled?
Call notesDatabase.Sign( [ documentType% ] [ , existingSigsOnly ] [ , nameStr$] [ , nameStrIsNoteID ] )
Signs elements in a database with the signature of the current user. This method programmatically mimics the use of the Sign Database dialog in the Notes Domino Admin client.
Note This method is new with Release 6.
Look in degsigner help for example
Subject: RE: Automatically signing Notes Databases scheduled?
Ah, but it only works from a client. Presumably, one could leave a client box running in the server room with the appropriate signer ID and locally-scheduled agents enabled and an agent scheduled from a local database, but that sounds like a security risk (might be problematic for folks running under tight restrictions like FDA regs and so forth).
Subject: RE: Automatically signing Notes Databases scheduled?
Let me explain why I have a problem with that.
Signing things is a security measure. The signature is saying that someone has reviewed this code and determined that it doesn’t represent a threat of any kind. If someone should somehow manage to break your security to the extent of being able to modify the design element, they at least won’t be able to put code into your applications that your servers and users will recognize as authorized to execute.
If you add an automatic signing process, you’ve bypassed this security layer. Now, anybody who manages to break into a database and change the contents of an agent, can do what they like on every server and every workstation in your company. All the code has to do is sit there for a while, and your automatic signer will come through and blindly stamp it APPROVED to run everywhere.
Why don’t you explain why you want to do this – what are you trying to accomplish? I’m sure there are ways to do it that don’t require this step.
Subject: RE: Automatically signing Notes Databases scheduled?
Ah, ok … let me explain the need of a process like this.
We are creating a database rollout process for our customer. This process will be handled within a workflow database. Users can ask for a db rollout based on a template provided. This template for sure is not signed correctly.
Prior to the signing of the template all approvals and checks (Teamstudio) are done on this template (on a separate server). So we don’t have a security problem here because we are not working in production environment.
The signing procedure is the last step in this workflow and I will not involve Admins to do that because of delay…