URL format to access a Domino document through browser



Domino/Notes Version: Domino 12.0.2 FP5
Add-on Product (if appropriate, e.g. Verse / Traveler / Nomad / Domino REST API):
Its Version:
Operating System: Windows 11
Client (Notes, Nomad Web, Nomad Mobile, Android/iOS, browser version):


Problem/Query:

We are using the format below to access a particular document through a browser:

https://hostname/dbname/viewname/doc-unique-ID

However, our cyber security team is raising concerns about this format, saying people can access all documents by changing the URL to something like below:

https://hostname/dbname/viewname or

https://hostname/dbname

Is there any way that I can still access the document using something like below:

https://hostname/doc-unique-ID

Thanks in advance.

First of all: You do not need a view in the URL, you can use the generic placeholder “_” or “0”:

https://hostname/dbname/_/doc-unique-ID

https://hostname/dbname/0/doc-unique-ID

Second: In general, you should always “harden” your applications against these attacks.

As a minimum create a form with the name “$$ViewTemplateDefault” and nothing in it to block these “generic” lists.

There is more to hardening a Domino application; you should contact a specialist for that.

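One way to review web logs for the database-level and view-level URLs discussed above, as an added example that is not part of any post in this thread and not HCL code. The three-field log format, the sample lines, the `.nsf` database suffix and the function names are assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, unquote

UNID = re.compile(r"[0-9A-Fa-f]{32}")  # document unique ID: 32 hex digits

def classify(url):
    """Return 'document', 'view', 'database' or 'other' for a Domino-style URL.

    Assumption: the database segment ends in .nsf and may sit in subfolders.
    """
    segs = [unquote(s) for s in urlsplit(url).path.split("/") if s]
    db = next((i for i, s in enumerate(segs) if s.lower().endswith(".nsf")), None)
    if db is None:
        return "other"
    rest = segs[db + 1:]
    if not rest:
        return "database"            # https://hostname/dbname
    if len(rest) == 1:
        return "view"                # https://hostname/dbname/viewname
    if len(rest) == 2 and UNID.fullmatch(rest[1]):
        return "document"            # view name, "_" or "0", then the unique ID
    return "other"

def listing_requests(log_lines):
    """Count successful database- or view-level requests per client."""
    hits = Counter()
    for line in log_lines:
        client, status, url = line.split(maxsplit=2)
        if status == "200" and classify(url.strip()) in ("database", "view"):
            hits[client] += 1
    return hits

# Constructed sample lines: "<client> <status> <url>" (not a real Domino log format)
SAMPLE_UNID = "0123456789ABCDEF0123456789ABCDEF"
SAMPLE_LOG = [
    f"10.0.0.5 200 /apps/hr.nsf/0/{SAMPLE_UNID}?OpenDocument",
    "10.0.0.9 200 /apps/hr.nsf/By%20Name?OpenView",
    "10.0.0.9 200 /apps/hr.nsf",
    "10.0.0.9 404 /apps/hr.nsf/Salaries",
    f"10.0.0.7 200 /apps/hr.nsf/_/{SAMPLE_UNID}",
]

if __name__ == "__main__":
    for client, count in listing_requests(SAMPLE_LOG).items():
        print(f"{client}: {count} database/view-level responses to review")
```

A 200 status only shows that the server answered; what the response body contained still has to be checked against the application's ACL and design.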

Hi Tode,

Your suggestion to use the “$$ViewTemplateDefault” form worked. Thanks a lot.

Regards.

It is important to note that web permissions are no different from ACL permissions. IMHO, it’s better to review the ACL in terms of anonymous user, known guests, who can read public documents, etc…