I tried to find information about the explanation of this security option in IBM forums and related documentation but I couldn’t find any.I’m trying to find out what does IBM/Lotus mean with the expression (reduces security).
I got a customer that considers this option not reliable because there is no documentation about it.
Does anyone know where I can get info about this subject?
Thank you for your help.
Subject: Re: Don’t prompt for a password from other Notes-based programs (reduces security)
I don’t have the official word here…
But, I believe that option allows other programs to essentially obtain access to the credentials a user has already used to authenticate with to the server–rather than having to obtain access again.
It reduces security because of that fact…essentially any exeutable running on the same system can now act on the user’s behalf without any additional prompting (id/pswd).
In many cases, people will decide that is a reasonable choice/risk and allow it to avoid a lot of annoying prompts. But, some places might decide the risk is outweighs the convenience.
Subject: from help
You may use other applications that are based on IBM® Lotus Notes® technology. For example, you might use a program that accesses data from a Lotus Notes® database. When you use these programs, usually you enter your Lotus Notes password to access the data. If you have Lotus Notes open in the background, and you are working in a Lotus® Notes-based program, you can set Lotus Notes to remember your password, so you don’t have to enter your password multiple times.