Tag Archives: Lotus Domino

Domino security quilt

Once upon a time there was this platform renowned for its security features.
But as the platform became of age, the security features was woven into a large
quilt with considerable number of patches. And then chaos arise.

Domino has a lot of nice security features. It has its own public key
infrastructure, encryption, access control, etc. However, there are a lot of
features that need to work together. Lots of security settings generates
complexity. And complexity is the greatest foe of security.

Take, for example, agent security. In R6, agent restrictions may be set on
each agent instead on each server. This generates more complexity as each and
every agent would have to be administered security-wise. An agent has three
runtime security levels:

  • Do not allow restricted operations
  • Allow restricted operations
  • Allow restricted operations with full administrative rights

One particular agent of mine needed to access the file system on the server,
which is a restricted operation. So, I set the runtime security to level 2.
But, what the documentation fails to tell me, is that there is a setting on the
server document that overrides this. In order for user to be able to run an
agent performing restricted operations, not only has the agent security level
to be set correctly, the user also needs to be listed in the “run restricted
methods and operations” field in the server document. I guess Lotus added this
feature for flexibility. But flexibility is often perpendicular to simplicity.
And when it comes to security, simplicity is king…

Why Notes/Domino is agile – and why it isn’t

Last few weeks I’ve been back on the horse doing Notes/Domino programming
after been working on various J2EE-projects for a couple of years. And I have to
say that Notes/Domino still amazes me. Why? Swift development. Swift deployment.
Swift change. In my opinion, Notes/Domino fits particularly well when you are
doing prototyping: creating an initial version (or Proof of Concept) of your
application is very quick, allowing to present an initial version to your users
in order to collect feedback and change requests. Furthermore, the
Notes/Domino’s unstructured data model allows your application to be easily
changed during its entire life cycle. Being able to change is what agility is
all about. Put that in your pipe and smoke it. 😉

On the downside, automated unit testing of a Notes/Domino application is very
difficult because of the lack of tool support. Because of this, development
methodology like Test Driven Development (which I am a big believer in) and XP
is hard to do.