Roaming security questions

HCL Domino Domino Forum
1

Planning to implement the roaming feature, I had some basic security questions.

I assume we want to put the ID file in the personal address book - seems like the most flexible setup. If so, is it advisable to:

  1. encrypt the names.nsf db to avoid potential browsing of the ID file when a replica is left on the local system? Or is it advisable to encrypt it anyway?

  2. tighten up the ACL on that DB - and if so what are the recommended settings? Is it okay to lock out everyone except the owner and the LocalDomainServers?

  3. change the admin server for this db to the server where the roaming files are (currently no admin server is set)?

  4. enforce consistent ACL?

Or is the ID file already suitably protected without any special measures?

Any other security pointers appreciated. TIA.

-Andy

2

Subject: roaming security questions

Doesn’t the “cleanup” option remove the local NAB replica when it’s finished?

I’ve not tested it myself yet, but I assumed that’s what it did. Pretty sloppy if it doesn’t, IMHO.

Cheers,

  • Mike