In a security audit one of the issues that arose was that “default files” that are part of the Domino installation are a potential security risk.
Is anyone aware or have any knowledge of what those files may be and whether they could be safely removed?
Subject: Security Issue: Default files?
That phrase is pretty ambiguous. It could mean “files containing default server settings”, “files installed by default” or “default settings in ACLs or properties in database files”. Or maybe they mean something else entirely. Get your auditor to explain it specifically. Also, check out the new draft RedPaper “Security Considerations in Notes and Domino 7”. I wrote an appendix with a checklist of things to do after a Domino install.
http://www.redbooks.ibm.com/redpieces/abstracts/redp4104.html
Bear in mind… it’s a draft. If there’s something wrong, or missing, or whatever, you can submit comments on the download page, or you can submit them to me in this thread on my blog:
Subject: RE: Security Issue: Default files?
Thanks very much. I will go over it and certainly comment if anything stands out.
Subject: RE: Security Issue: Default files?
here it is a database which help looking at databases security problems on a server : http://www.bruere.com/Consultant-Domino.nsf/D6plinks/Freeware-Security-Domino-Servers