Quoting Michal Zalewski ([EMAIL PROTECTED]) on Mon, Jan 08, 2001 at 08:50:32PM
+0100:
>
> ANY AUTHORIZED USER OF LOTUS DOMINO MAIL SYSTEM CAN GAIN UNAUTIORIZED
> ACCESS TO *ANY* MAILBOX IN THE SYSTEM BY MODIFYING THE TRAFFIC BETWEEN HIS
> CLIENT AND DOMINO SERVER OR BY MODIFYING CLIENT SOFTWARE ITSELF.
>
> (with great sorrow, have to turn my caps lock off)... Not to mention
> accessing / modifying other files than mail\*.nsf entries. I haven't
> checked for that - should be more problematic, but probably can be done.
>
> Again - as I said - your comments are welcome. First of all, it would be
> nice to confirm this problem, and to see if ACLs might help. And *NO* -
> encrypting TCP/IP connection won't change anything, as stated above.
Hmmm, fortunatley Notes allows you to encrypt the whole mailbox so that it
resides encrypted on the server and the client. This is a different option
from encrypting the traffic.
cheers
afx
--
atsec information security GmbH Phone: +49-89-44249830
Steinstrasse 68 Fax: +49-89-44249831
D-81667 Muenchen, Germany WWW: www.atsec.com
May the Source be with you!
