Lotusphere 2008 - Day 1: Sunday, January 20th

8:30 AM - JMP301 - Understanding Security in IBM Lotus Notes and Domino

Andrew Pollack and Gabriella Davis

A very good session for a relatively high-level overview of Notes and Domino security. I knew a lot of it already, but I still came away with several good pointers. Pretty much everything is on the slides, which will be available shortly. Here are my key takeaways:

Certificate Authority
  • Certificate Authority is your friend. It allows you to lock up your physical certifier ID and delegate user creation while maintaining a high level of security.
  • You can assign Registration Authorities who can register or recertify people without having to know the certifier password.
  • It even works to register people from webadmin.nsf.
  • Do not manually edit the ICL database. You will corrupt it and have to re-migrate the certifier.
Password Recovery
  • As of R7 you can change the length of the recovery password (6 character minimum).
  • R8 adds password checking for HTTP. You can configure what happens when someone hits a threshold you specify. For example, lock them out for 10 minutes after 3 invalid attempts.
  • Don't keep physical backup copies of IDs. It's absolutely pointless.

Change to public key checking: You can now turn it on and log mismatches, while still allowing access. Recertify any mismatched people to get keys in sync, then bump up to deny mismatches.

Users should never update their ECL or get an ECL warning if things are working properly. Use a security settings policy to set a default ECL and block users from updating it.

Do not use */org in the ECL. This will allow anyone to send malicious code to anyone else and it will run.

Every database needs an owner. Every e-mail group needs an owner. Review both at least quarterly.

10:30 AM - JMP205 - AJAX and JSON for IBM Lotus Domino Applications

Scott Good

There are two built-in ways to get structured data back from a Notes view: http://Host/Database/ViewName?ReadViewEntries and, starting in 7.0.2, http://Host/Database/ViewName?ReadViewEntries&OutputFormat=JSON . The first returns XML, which means you have to parse it and it's a lot of text. JSON is much more terse and works a lot like LotusScript lists.

I can't do Scott's presentation justice without examples, so go download it from him.
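As an added illustration (not from Scott's presentation or from the session), here is one way to consume the JSON form of ?ReadViewEntries in JavaScript. The sample response is constructed, and its field layout (viewentry, entrydata, and values keyed by "0") is an assumption about Domino's output that should be checked against your own server.

```javascript
// Constructed sample of a ?ReadViewEntries&OutputFormat=JSON response.
// The field layout is an assumption; compare it with your server's real output.
const SAMPLE = JSON.stringify({
  "@toplevelentries": "2",
  viewentry: [
    { "@position": "1", "@unid": "UNID-PLACEHOLDER-1", entrydata: [
      { "@columnnumber": "0", "@name": "Name", text: { "0": "Pat <b>Example</b>" } },
      { "@columnnumber": "1", "@name": "Logins", number: { "0": "3" } },
      { "@columnnumber": "2", "@name": "Groups",
        textlist: { text: [{ "0": "Admins" }, { "0": "Mail Owners" }] } } ] },
    { "@position": "2", "@unid": "UNID-PLACEHOLDER-2", entrydata: [
      { "@columnnumber": "0", "@name": "Name", text: { "0": "Sam Sample" } },
      { "@columnnumber": "1", "@name": "Logins", number: { "0": "0" } } ] }
  ]
});

// Pull the value out of one entrydata cell, whatever its type.
function cellValue(cell) {
  if (cell.text) return String(cell.text["0"]);
  if (cell.number) return Number(cell.number["0"]);
  if (cell.datetime) return String(cell.datetime["0"]);
  if (cell.textlist) return (cell.textlist.text || []).map((t) => String(t["0"]));
  return null; // unknown or empty column type
}

// Parse with JSON.parse (never eval) and flatten to one object per view row.
function flattenViewEntries(jsonText) {
  const data = JSON.parse(jsonText);
  return (data.viewentry || []).map((entry) => {
    // No prototype, so a column named "__proto__" cannot alter the object.
    const row = Object.create(null);
    row.unid = entry["@unid"];
    for (const cell of entry.entrydata || []) {
      row[cell["@name"]] = cellValue(cell);
    }
    return row;
  });
}

// View data is user-supplied content: escape it before it goes into markup.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) =>
    ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" }[c]));
}

const rows = flattenViewEntries(SAMPLE);
console.log(rows.map((r) => escapeHtml(r.Name)));
```

In a page, the text passed to flattenViewEntries would be the response body of the view URL above; setting values with textContent instead of building HTML strings makes the escaping step unnecessary.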

4:30 PM - JMP302 - All Things Mail with IBM Lotus Domino

Paul Mooney and Susan Bulloch

Locations move to preferences in 8.0.1. Paul really, really hates this. A lot.

Notes 8 will do MIME conversion on the client for Internet mail. This is a good thing because it keeps the burden off the server.

SMTP mail routing between Domino servers is possible, but pointless. You lose the ease of Notes Named Networks, and the mail has to be converted from Richtext to MIME, then back to Richtext.

Notes.ini setting MailDisablePriority=1 will prevent anyone from sending an e-mail flagged with High Priority.

Inbox Maintenance in R8 will remove from the Inbox anything older than the number of days you specify. Smaller Inboxes keep the servers happy. You can enable it via policies. Be sure to communicate this to users several times before you turn it on. Start with a wide range and lower it gradually.

Welcome Reception

It was COLD. The wind was whipping and it was simply miserable. The food was worse than usual. Some kind of subs, which were nearly frozen, baked penne pasta with marinara, and sausages that were too big to eat in one bite but they didn't provide knives.

Blue Zoo

Somehow I was lucky enough to get included in a group that went to Blue Zoo for dinner. The service was very good and the food was even better. I had the roast beet salad and the miso marinated sea bass. The salad was delicious and the sea bass was cooked nicely and had a buttery texture. The only miss for me was the spinach served with it. It was slightly gritty and had sat around for a while and turned black so it was unappealing.

