Home > Articles

  • Print
  • + Share This
This chapter is from the book

Changing Your Security Preferences

In addition to controlling your user preferences, you can modify your Notes workstation security options. To modify these preferences, follow this procedure:

  1. From the menu, select File, Preferences, Security Preferences to open the User Security dialog box (see Figure 3.27). You'll be asked to authenticate first before accessing the dialog box.

Figure 3.27Figure 3.27 The User Security dialog box enables you to customize your security preferences.

NOTE

Your system administrator might have created an Execution Control List for the entire organization and disabled your ability to modify it. If so, you will not be able to see or use the Workstation Security dialog box.

  1. When the dialog box appears, you can change many options. The options are divided into six categories.

    • Security Basics—Enables you to perform tasks relating to your user ID file, including renewing your ID file, changing your password, dealing with a compromised password, and setting the logout settings for your workstation.

    • Your Identity—Enables you to perform several functions relating to your certificates, including importing and renewing certificates, creating new public keys, and requesting a name change.

    • Identity of Others—Consists of two subtabs that enable you to view certificates for people and services and also view certificate authorities and their issued certificates.

    • What Others Do—Enables or disables various levels of security, called the Execution Control List, for Notes code that can access the Notes/Domino environment, local workstation, and network resources. This tab also provides the access of applets and JavaScript to the local workstation and other resources.

    • Notes Data—Manages all secret keys for document encryption. This tab includes the capability to create, import, and mail secret keys.

  2. After you have changed your options, click the OK button to close the User Preferences dialog box.

The heart of the workstation's security is under the What Others Do tab within the security preferences (see Figure 3.28).

Figure 3.28Figure 3.28 The User Security dialog box gives you fine-grained control over programs that execute on your workstation.

You can control the execution based on whether the program is signed or who has signed the document or mail message. Regular workstation security enables you to control the following:

  • Access to the file system

  • Access to the current database

  • Access to environment variables

  • Access to non-Notes databases

  • Access to external code

  • Access to external programs

  • Capability to send mail

  • Capability to read other databases

  • Capability to modify other databases

  • Capability to export data

  • Access to modify the Execution Control List (ECL)

Java applets and JavaScript run within a Web browser on your workstation, but they are created by some unknown Web page designer. So, you are running someone else's program on your machine. For this reason, you typically do not want to allow Java applets to access your file system. It's recommended that you enable this option only for specific groups or individuals, not for default access.

Access to the Notes Java classes allows a Java applet to access data stored within a Notes database that might reside on your local machine. The same caution applies: You will be running someone else's Java program, and it can access data within your local databases. I recommend that you enable this option only for trusted groups or users.

NOTE

Java applet security is controlled in three places. First, it is addressed in the User Preferences Advanced options. You must enable Java applets. Second, within the Execution Control List you can control whether Java applets can access your file system or the Notes Java classes. Third, within the current location document in the Advanced tab is a Java Applet Security tab. Review all these places if you suspect that Java security is giving you a problem. Finally, Java agents running on a Domino server are enabled in the Domino Directory.

The JavaScript security controls are shown in Figure 3.29.

Figure 3.29Figure 3.29 JavaScript security ECL controls reading, writing, and URL open access.

  • + Share This
  • 🔖 Save To Your Account