Once upon a time there was this platform renowned for its security features. But as the platform came of age, the security features were woven into a large quilt with a considerable number of patches. And then chaos arose.
Domino has a lot of nice security features. It has its own public key infrastructure, encryption, access control, etc. However, there are a lot of features that need to work together. Lots of security settings generate complexity. And complexity is the greatest foe of security.
Take, for example, agent security. In R6, agent restrictions may be set on each agent instead of on each server. This generates more complexity as each and every agent would have to be administered security-wise. An agent has three runtime security levels:
- Do not allow restricted operations
- Allow restricted operations
- Allow restricted operations with full administrative rights
One particular agent of mine needed to access the file system on the server, which is a restricted operation. So I set the runtime security to level 2. But what the documentation fails to tell me is that there is a setting on the server document that overrides this. In order for a user to be able to run an agent performing restricted operations, not only does the agent security level have to be set correctly, the user also needs to be listed in the “run restricted methods and operations” field in the server document. I guess Lotus added this feature for flexibility. But flexibility is often perpendicular to simplicity. And when it comes to security, simplicity is king…
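The two-layer check described above can be audited for drift in both directions. The following is an added example, not part of the original post and not Domino API code: it is a simplified model of only the rule stated here, and the `Agent` fields, the case-insensitive name comparison and all sample names are assumptions.

```python
from dataclasses import dataclass

# Runtime security levels as listed in the post (numbered to match its "level 2").
NO_RESTRICTED, RESTRICTED, RESTRICTED_FULL_ADMIN = 1, 2, 3


@dataclass(frozen=True)
class Agent:
    name: str
    run_as: str  # user the agent runs for (hypothetical field name)
    level: int   # per-agent runtime security level


def can_run_restricted(agent, allowed):
    """Both layers must agree: agent level 2 or 3 AND user listed on the server document."""
    return agent.level >= RESTRICTED and agent.run_as.lower() in allowed


def audit(agents, server_field):
    """Return (blocked, unused).

    blocked: agents configured for restricted operations that the server
             document will still refuse (the surprise described in the post).
    unused:  names granted on the server document that no agent needs,
             i.e. privilege that can be removed.
    """
    # Assumption: names compare case-insensitively; blank entries are ignored.
    allowed = {n.strip().lower(): n.strip() for n in server_field if n.strip()}
    wants = [a for a in agents if a.level >= RESTRICTED]
    blocked = sorted(a.name for a in wants if not can_run_restricted(a, allowed))
    needed = {a.run_as.lower() for a in wants}
    unused = sorted(allowed[k] for k in allowed.keys() - needed)
    return blocked, unused


# Constructed sample data, not taken from a real Domino directory.
AGENTS = [
    Agent("ExportToDisk", "Alice Admin/Acme", RESTRICTED),
    Agent("NightlyImport", "Bob Builder/Acme", RESTRICTED),
    Agent("SendReminders", "Carol Clerk/Acme", NO_RESTRICTED),
]
SERVER_FIELD = ["Alice Admin/Acme", "Dave Departed/Acme", "  "]

if __name__ == "__main__":
    blocked, unused = audit(AGENTS, SERVER_FIELD)
    print("agents blocked by the server document:", blocked)
    print("server grants no agent needs:", unused)
```

Running the audit whenever an agent's level or the server document changes surfaces both the runtime failure and the leftover grant before either becomes a problem.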