Security Web Server

hcl-bot · September 24, 2003, 5:55am

I’ve installed a Notes-webserver. On this server is running a application. Users have to log in to use the application (via the internet). I’ve created a custom loginform.Al the databases on the notes-server has a record of Anonymous in the ACL with NO-Access.

Questions:

When you don’t have a username and password, is it possible to use the application?

Is this situation enough secure that the data, username en password ca not be compremised (hacked)?

hcl-bot · September 24, 2003, 10:18am

Subject: Security Web Server

If you give Anonymous access to read/write public documents, then logging in is not necessary for accessing those parts of the application.

If your custom login form is not using https (i.e. SSL) then ID and password can be stolen by using a packet sniffer.