This week I requested IBM to create a new SPR for an behaviour of the Domino installer. During a Domino upgrade the installer will simply replace some standard databases/templates, replacing any ACL/property settings made to any existing databases/templates on the server.
I think it’s good practice to set -Default-=NoAccess and Anonymous=NoAccess on all databases/templates except those that should be accessible Anonymously from the internet. If everyone should have access; ie. on forms85.nsf I add a LocalDomainUsers group to the ACL with proper access. That way I can see any database/template that is -Default- or Anonymously accessible by peeking in catalog.nsf
Problem is that the installer simply replaces several standard databases during an upgrade, leaving many standard databases open on the internet.
Just Google “filetype:nsf” and try “http:\\homepage.nsf” to see the result of the current installer behaviour. 99% of the sites will honour access to the ‘standard’ databases.
After an upgrade I typically need to fix approx 91 -Default- ACL settings, 40 Anonymous ACL settings and 16 Administration servers.
If you agree this should be fixed, then ask Lotus IBM to fix this in the Domino installer by opening a PMR referring to SPR ZKUN86QLHA ‘Replacing some standard databases/templates as homepage.nsf, help/* and iNotes/*’.
Note: This won’t fix ACL’s, but will prevent changed ACL’s / database properties from being replaced during an upgrade.