Tag Archives: Lotus Domino

Domino security quilt

Posted on by
Reply

Once upon a time there was this platform renowned for its security features. But as the platform became of age, the security features was woven into a large quilt with considerable number of patches. And then chaos arise.

Domino has a lot of nice security features. It has its own public key infrastructure, encryption, access control, etc. However, there are a lot of features that need to work together. Lots of security settings generates complexity. And complexity is the greatest foe of security.

Take, for example, agent security. In R6, agent restrictions may be set on each agent instead on each server. This generates more complexity as each and every agent would have to be administered security-wise. An agent has three runtime security levels:

  • Do not allow restricted operations
  • Allow restricted operations
  • Allow restricted operations with full administrative rights

One particular agent of mine needed to access the file system on the server, which is a restricted operation. So, I set the runtime security to level 2. But, what the documentation fails to tell me, is that there is a setting on the server document that overrides this. In order for user to be able to run an agent performing restricted operations, not only has the agent security level to be set correctly, the user also needs to be listed in the “run restricted methods and operations” field in the server document. I guess Lotus added this feature for flexibility. But flexibility is often perpendicular to simplicity. And when it comes to security, simplicity is king…

Share

Why Notes/Domino is agile – and why it isn’t

Posted on by
Reply

Last few weeks I’ve been back on the horse doing Notes/Domino programming after been working on various J2EE-projects for a couple of years. And I have to say that Notes/Domino still amazes me. Why? Swift development. Swift deployment. Swift change. In my opinion, Notes/Domino fits particularly well when you are doing prototyping: creating an initial version (or Proof of Concept) of your application is very quick, allowing to present an initial version to your users in order to collect feedback and change requests. Furthermore, the Notes/Domino’s unstructured data model allows your application to be easily changed during its entire life cycle. Being able to change is what agility is all about. Put that in your pipe and smoke it. ;)

On the downside, automated unit testing of a Notes/Domino application is very difficult because of the lack of tool support. Because of this, development methodology like Test Driven Development (which I am a big believer in) and XP is hard to do.

Share