8:30 AM - JMP301 - Understanding Security in IBM Lotus Notes and Domino
Andrew Pollack and Gabriella Davis
A very good session for a relatively high-level overview of Notes and Domino security. I knew a lot of it already, but I still came away with several good pointers. Pretty much everything is on the slides, which will be available shortly. Here are my key takeaways
- Certificate Authority is your friend. It allows you to lock up your physical cert.id and delegate user creation while maintaining a high level of security.
- You can assign Registration Authorities who can register or recertify people without having to know the certifier password.
- It even works to register people from webadmin.nsf
- Do not manually edit the ICL database. You will corrupt it and have to re-migrate the certifier.
- As of R7 you can change the length of the recovery password (6 character minimum).
- R8 adds password checking for HTTP. You can configure what happens when someone hits a threshold you specify. For example, lock them out for 10 minutes after 3 invalid attempts.
- Don't keep physical backup copies of ID's. It's absolutely pointless.
Users should never update their ECL or get an ECL warning if things are working properly. Use a security settings policy to set a default ECL and block users from updating it.
Do not use */org in the ECL. This will allow anyone to send malicious code to anyone else and it will run.
Every database needs an owner. Every e-mail group needs an owner. Review both at least quarterly.
10:30 AM - JMP205 - AJAX and JSON for IBM Lotus Domino Applications
There are two built-in ways to get structured data back from a Notes view: http://Host/Database/ViewName?ReadViewEntries and, starting in 7.0.2, http://Host/Database/ViewName?ReadViewEntries&OutputFormat=JSON . The first returns XML, which means you have to parse it and it's a lot of text. JSON is much more terse and works a lot like LotusScript lists.
I can't do Scott's presentation justice without examples, so go download it from him.
4:30 PM - JMP302 - All Things Mail with IBM Lotus Domino
Paul Mooney and Susan Bulloch
Locations move to preferences in 8.0.1. Paul really, really hates this. A lot.
Notes 8 will do MIME conversion on the client for Internet mail. This is a good thing because it keeps the burden off the server.
SMTP mail routing between Domino servers is possible, but pointless. You lose the ease of Notes Named Networks, and the mail has to be converted from Richtext to MIME, then back to Richtext.
Notes.ini setting MailDisablePriority=1 will prevent anyone from sending an e-mail flagged with High Priority.
Inbox Maintenance in R8 will remove from the Inbox anything older than the number of days you specify. Smaller Inboxes keeps the servers happy. You can enable it via policies. Be sure to communicate this to users several times before you turn it on. Start with a wide range and lower it gradually.
It was COLD. The wind was whipping and it was simply miserable. The food was worse than usual. Some kind of subs, which were nearly frozen, baked penne pasta with marinara, and sausages that were too big to eat in one bite but they didn't provide knives.
Somehow I was lucky enough to get included in a group that went to Blue Zoo for dinner. The service was very good and the food was even better. I had the roast beet salad and the miso marinated sea bass. The salad was delicious and the sea bass was cooked nicely and had a buttery texture. The only miss for me was the spinach served with it. It was slightly gritty and had sat around for a while and turned black so it was unappealing.