We currently run iNotes for users to use their browser to access e-mail. We recently setup a Cisco IDS appliance for intrusion detection monitoring.
The Cisco IDS is currently telling us (Signature 5474 - SQL Query in HTTP Request)of a potential security issue on the Notes Mial server being accessed by iNotes.
It is a low level alarm but I was just looking for some information on how iNotes worked in regrads to sending SQL queries.
The countermeasure listed is to “Setup up databases so that users cannot pass queries directly to the server.” How is this done and will this make iNotes not work?
I understand that most web server’s database should not allow queries directly to the server via HTTP.
If anyone can shead light on this I would appreicate it.
Thanks,
Subject: Security Alert (SQL Query in HTTP Request)
Ignore the warning. Really. The queries you are being warned about are things like ?OpenDocument, ?OpenFramset, ?OpenForm, ?EditDocument, etc. Domino requires these for full functionality. Any commands that could cause problems can be disallowed on a per-user, per-instance basis by database ACLs (?DeleteDocument will not work if the user doesn’t have delete permissions), Readers and Authors fields on forms, etc. Server redirection can globally disallow others, such as ?ReadViewEntries, if specific access types are considered undesirable in your environment.
Subject: Security Alert (SQL Query in HTTP Request)
You could enable the “Make this site accessible to web search site crawlers:” setting on your Domino web server to change the ?'s into !'s, but even if this cures the CISCO IDS ‘problem’ it’d probably do more harm than good.
Hmmm, why did I bother to post this?!? 