Previous Topic

Next Topic

Book Contents

Book Index

Security

Lotus Notes has always been a very secure place to store data. Nothing - repeat - nothing can access Notes data without having a valid user ID file. We say we operate in the context of a specific user ID. This implies that List Fields will have the same rights as the currently used ID file, and you cannot access data you're not authorized to access.

Lotus Notes normally asks for a password during startup (this feature can be turned off, if you have enabled automatic synchronization between your Windows user id and Notes. Refer to the installation of Lotus Notes for further details). When entered and accepted, Lotus Notes let you access all the data that you have access to.

When you run additional so-called Notes based applications - such as List Fields, you will also normally be prompted for a password. It may look something similar to this dialog box:

This will happen every time you start the Notes based application.

Why is it like this ? It has all to do with security of your data. Nothing that you don't explicitly allow to access your data, should be able to do so behind the scenes. Imagine how trojan- and virus like applications could install silently and access your data without you knowing it - that would be considered a severe security breach!

How to make Lotus Notes stop asking for a password all the time ?

Unfortunately the standard Notes security makes your legal Notes based applications cry for password every time they access Notes data. Lotus has a feature which allows you to trust all Notes based applications at large.

This feature is controlled within the dialog box of your Notes user ID file, and is thus protected by the heavy Notes user ID protection logic of Lotus Notes. The procedure to allow Notes based applications access, differs a little bit between Lotus Notes Release 5 and Notes 6.

How to allow Notes based applications access to Notes data in Lotus Notes Release 5

Access your user ID dialog box via the menu File -> Tools -> User ID. You may have to enter your Notes password. In this dialog box you will see the following field on the Basics tab.

When you select Don't prompt for a password from other Notes-based programs, you will not be asked for a password.

How to allow Notes based applications access to Notes data in Lotus Notes Release 6

Access your user ID dialog box via the menu File -> Security -> User Security. You may have to enter your Notes password. In this dialog box you will see the following field on the Security Basics tab.

When you select Don't prompt for a password from other Notes-based programs (reduces security), you will not be asked for a password.

Things to think about when you do this

Selecting to trust Notes based applications like shown above will trust all Notes based applications at large. Either you trust none, or you trust all! You cannot select which applications to trust and which you don't trust.

This has some security aspects, since it expose your system for potentially malicious code. After you select this feature, Notes based applications can access your Notes data without you knowing it.

So what to do ? A software vendor (like Voith's CODE...) tells you to install a tool (such as List Fields...) and that you must enable the don't prompt for password-feature above in order to avoid password popups. Make an assessment of the vendor. Is the vendor trustworthy ? Then make an assessment of the application. Should the application be trusted ? If answers to both questions are yes, then enable don't prompt for password, otherwise don't.

But what's more important: You must pay attention to any following Notes based applications you may install later. These applications now have direct access, since the don't prompt for password-feature already has been turned on.

See Also

Installation

Requirements

Two methods, the installer or manual