Ok… I have had it. Now my boss wants me to justify why users should not be allowed to have a designer loaded on their workstation so they can mock up designs. Then present them to the “real” developers for actual development. There has to be some security reasons not to do this. Please help me find some.
Subject: Help… Users want designer…
HiIf you are not going to get your way with your boss besides the security issues raised you could put criteria for approval of Designer clients to your users :
a) should have attended a Lotus Authorized Education Center course for the current version
b) should have some Certification in the current version - CLS, CLP etc.
c) you will encounter the old arguments - I had Designer in Version 3 or Version 4, etc.
d) ensure Designer access to the server databases are restricted and
e) The Designers submit the Design Templates to the Administrators for updating the design of production databases.
RM
Subject: Help… Users want designer…
They will be able to write agents that directly modify fields they are not able to change using the application, bypassing any form protection you have.
Subject: Help… Users want designer…
Hi,
at first I totaly agree that it nonsense to give ordinary users a developer client but the reason is not the security issue.
If we talk about “theoretical” security it makes no differece if a user has only a Notes-Client or a Designer. Even with a client I can put a button in a Rich-Text-Field and write any code and execute it,or personal agent or …
Not to mention that you should always keep in mind that a user can bring a fully developed application from home where he has a designer and just run it …
So if your users dont have a designer you are still not “safe” at all.
You have to do it propertly and set up ACL-rights to dbs and use only well developed application which protect your data with reader-fields in such a way that even someone with a Designer could not harm you in any way.
However this is the theory. In reality if you give your users a designer you will get much more troubles because they will “destroy” (usually accidentaly) your databases which you havent secured properly.
But the main reason against it has already been said:
ITS THE COST,THE COST,THE COST …
(?? I think its about 10 times of a notes-client)
bye
Hynek
Subject: Help… Users want designer…
How about the license cost?
Subject: Help… Users want designer…
Okay…
Give access to the Designer client, any user who learns Lotuscript will be able to conduct data extractions of otherwise protected information. For instance, it will be very easy for them to invalidate the “Do not allow forward/copy/printing” on an email message. They’ll just whip up agents to kill the $KeepPrivate field.
How’s that?