Hi all,
I have a web application on 2 different servers, one internal and one external. Now I would like to hide specific documents from users who use server B (the external one).
I know I can use a reader field, but how do I specify this at server or domain level, as the users don’t log in and have anonymous access?
Could anyone please advise a workaround for this?
Thanks in advance
Jose
Subject: Hide documents at server/domain level
You could play with replication settings. It is probably safer than hiding documents.
Subject: RE: Hide documents at server/domain level
Selective replication and ACL-based controls on replication are not a good mechanism for security. They are both far too easy for someone to accidentally (or on purpose) subvert. One way is for a person with rights to both replicas to make a local replica, at which point the documents can freely replicate from server A to the user’s replica to server B.
-rich
Subject: Hide documents at server/domain level
Are you saying that nobody, whether using the inside server or the outside server, has to authenticate in order to see any of the documents?
Probably the safest thing that I can think of is to create a new copy (not replica) of the database design, then use a LotusScript agent to populate the outside database with only the documents that you want users there to see.
However, another idea, although not as secure, comes to mind if you’re using embedded views…
I haven’t tried this - but could you create a second view that excludes the documents that you want to hide, then on the form containing the embedded view, select which view to show based on server name ?
Of course you’ll want to have a $$ViewTemplateDefault to keep users from opening any or all views directly.
This won’t prevent users from opening a document directly if they know the UNID, but I think it would work…
Subject: RE: Hide documents at server/domain level
Using separate non-replica databases connected by an agent that selectively synchronizes docs is a reasonable solution.
The second method based on views, though, can be subverted using the ?ReadViewEntries URL command. The view template won’t stop users from getting data that way. Furthermore, if the external server is hacked, all bets are off because the NSF can be copied and accessed through a local Notes client. (When dealing with external servers, the best policy is to keep the confidential docs off the server in the first place.)
-rich
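
A sketch of the selective-sync agent discussed in this thread, added here as an example and not code from any of the posters. The server name, file path, the `PublishExternal` flag field, the `SourceUNID`/`SourceMod` fields and the target view `(BySourceUNID)` (sorted on `SourceUNID`) are all assumptions.

```lotusscript
Option Declare
' Assumed names (not from the thread): the two constants, the PublishExternal flag,
' the SourceUNID/SourceMod fields and the target view (BySourceUNID).
Const EXT_SERVER = "ServerB/Org"
Const EXT_PATH = "apps\public.nsf"
Sub Initialize
	Dim session As New NotesSession
	Dim src As NotesDatabase, dst As NotesDatabase
	Dim lookup As NotesView, col As NotesDocumentCollection
	Dim doc As NotesDocument, old As NotesDocument, nxt As NotesDocument, fresh As NotesDocument
	Dim keep List As String, key As String
	Set src = session.CurrentDatabase
	Set dst = session.GetDatabase(EXT_SERVER, EXT_PATH, False)
	If dst Is Nothing Then Error 1001, "External database not found"
	' Refuse to run against a replica: replication could carry every document across.
	If dst.ReplicaID = src.ReplicaID Then Error 1002, "Target is a replica of the source"
	' Allow-list: only documents explicitly flagged for publication are considered.
	Set col = src.Search({PublishExternal = "1"}, Nothing, 0)
	Set doc = col.GetFirstDocument
	Do Until doc Is Nothing
		keep(doc.UniversalID) = Cstr(doc.LastModified)
		Set doc = col.GetNextDocument(doc)
	Loop
	' Pass 1: remove copies whose source is gone, no longer flagged, or has changed.
	Set lookup = dst.GetView("(BySourceUNID)")
	lookup.AutoUpdate = False
	Set old = lookup.GetFirstDocument
	Do Until old Is Nothing
		Set nxt = lookup.GetNextDocument(old)
		key = old.GetItemValue("SourceUNID")(0)
		If Not Iselement(keep(key)) Then
			Call old.Remove(True)
		Elseif keep(key) <> old.GetItemValue("SourceMod")(0) Then
			Call old.Remove(True)
		Else
			Erase keep(key)	' copy is current, nothing to do
		End If
		Set old = nxt
	Loop
	' Pass 2: copy every flagged document that has no current copy in the target.
	Forall stamp In keep
		Set doc = src.GetDocumentByUNID(Listtag(stamp))
		Set fresh = doc.CopyToDatabase(dst)
		Call fresh.ReplaceItemValue("SourceUNID", doc.UniversalID)
		Call fresh.ReplaceItemValue("SourceMod", stamp)
		Call fresh.Save(True, False)
	End Forall
End Sub
```

Run it as a scheduled agent in the internal database. Each copy gets a new UNID in the target, so unflagged documents never exist on the external server in any form.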