Updating data to 3rd party without jeopardizing Lotus Notes security

5 pts.
Tags:
Database security
Lotus Notes
Lotus Notes 6.5
Lotus Notes Database
Web-based access
Hi,

My team and I are stuck.

A 3rd party needs access to certain information on our Lotus Notes database about clients status and we are unsure on how to go about this without jeapodising security and firewalls. We've thought of a web based application for the 3rd party however how will we send them updated limited infomation without also putting strain on the servers.

Regards,



Software/Hardware used:
Lotus Notes 6.5
ASKED: November 15, 2010  10:04 AM
UPDATED: December 3, 2010  2:24 PM

Answer Wiki

Thanks. We'll let you know when a new response is added.

I think the Web way is the best approach… but a WebService shall do the tricks also.

I suggest to :
1) build a special view that will include only data that you want to share (for example : client number, client name, client status)
2) create an ACL entry “Anonymous” with reader access (and set the maximum internet acces level to “Reader” also)
3) Give the URL (with IP adress, if it is not “secret”) to access this view to third party
(ie => http://12.18.21.12/DatabaseReplicaID/ViewReplicaID?OpenView)

NOTA 1 :
If you didn’t have already a web access to your Notes application, you have to load the “HTTP” task on the server.
Iif you want to restrict even more the access to this web view, you will have to work with an other Adress Book to authentify the third party user.

Is it enough to start ?

Discuss This Question: 7  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Chippy088
    Can you pull the information from the db using a query, and then email the result to the customer. It might get messy if you need to keep querying the db several times a day. I also wonder, if a restricted account could be set up in notes, just to be able to view the client status? I am no expert in lotus notes, I just mentioned it as an after thought. Not having any clients who use notes, I have let my knowledge lapse.
    4,625 pointsBadges:
    report
  • Brooklynegg
    BruceWayne: Why would they need another Address Book? Shouldn't they simply be able to have an account made for their web-only access? Also, if they have never used http or https and don't have experience with it, I would recommend getting a knowledgeable consultant to make sure they don't end up opening up a security hole. Chippy088: I don't see any reason why querying the data a resonable number of times during a day should be a problem, assuming there aren't 100,000 clients or some very large number in the view or web service. This would have to be tested to ensure it does not have bad effects, but I don't think there is a reason to suspect poor perfornance. Definitely agree with you on the restricted account.
    3,845 pointsBadges:
    report
  • Bukhosi
    [...] 7. Thanks to BruceWayne, Chippy088 and Brooklynegg for helping out a member trying to update data to a third party without jeopardizing Lotus Notes security. [...]
    0 pointsBadges:
    report
  • BruceWayne
    @Brooklynegg : I always heard that an another Address Book is a recommended and secured way to achieve it. But maybe your solution is enough ? For "knowledgeable consultant", it is always true in the security area. The problem now is to find it ;-)
    4,110 pointsBadges:
    report
  • Brooklynegg
    @BruceWayne, re: "The problem now is to find ...." I could easily recommend a more than a few, if needed. There would need to be money involved, but it wouldn't be 100s of thousands of dollars.
    3,845 pointsBadges:
    report
  • BruceWayne
    @Brooklynegg : Hey, are you one of them ? lol
    4,110 pointsBadges:
    report
  • Brooklynegg
    Nope. I work in a bank. I belong to a local LUG, have attended IAMLUG and know enough people that I could recommend someone.
    3,845 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following