Protect Lotus Notes from malicious code with the Domino ECL

Related resources from SearchDomino.com: Expert Advice: How does ECL work in Lotus Notes security? Tip: Eliminate execution security alerts Lotus Notes Domino Access, Permissions and Authentication Reference Center

A Lotus Notes Domino ECL is used to determine whether the signer of the code being executed is allowed to run that code from a particular workstation. Also, if the signer can run the code, then the Domino ECL defines the level of access that the code has to various workstation functions.

Basically, you can use a Domino ECL very effectively to restrict access to Lotus Notes database elements, the workstation's file system and the execution of certain operations. For example, it's possible to use an ECL to allow LotusScript programs to access the file system, but to simultaneously deny Java applets the same access.

When a Lotus Notes database is opened and programming logic is executed, the signature ID last used to sign an element is checked against the ECL to determine whether that Lotus Notes ID has been granted permission through the ECL to run. If permission has been granted, either implicitly (default) or explicitly (user named in the ECL) for a particular task, the action is allowed. If not, the action is disallowed.

A workstation can be configured to enable the Lotus Notes user to maintain the ECL, or the Domino administrator can maintain the ECL centrally. Follow these steps to configure a Lotus Notes Domino user-controlled ECL:

1. Select File -> Security -> User Security from the main menu.
2. Enter your password when prompted for it.
3. Click on the "What Others Do" button, which will then open the dialog box. Now, expand the list of ECL options.
4. Choose the type of ECL that you want to configure:
   • "Using workstation"
   • "Using applets"
   or
   • "Using JavaScript"

5. Choose an entry to configure in the "When Code Is Signed By" list or click the "Add" button to enter a new Lotus Notes user.
6. Set the appropriate security options for the current entry.
7. Click "OK" to update the ECL.
8. Click "OK" to close the User Security dialog box.

Do you have comments on this tip? Let us know.

This tip was submitted to the SearchDomino.com tip library by member Jim Mck. Please let others know how useful it is via the rating scale below. Do you have a useful Lotus Notes, Domino, Workplace or WebSphere tip or code snippet to share? Submit it to our monthly tip contest and you could win a prize.

Rate this Tip To rate tips, you must be a member of SearchDomino.com. Register now to start rating these tips. Log in if you are already a member. Submit a Tip Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Lotus Notes Domino Access, Permissions and Authentication Display Lotus Notes user group membership details in a tree view How DirLint verifies data in Lotus Notes Domino 8 directories Fix and update Lotus Notes documents with limited access Lotus Notes access error: 'database is not opened yet' Formula language button manages Deny Access list searches Update the ACL from the Roles view with LotusScript Secure Lotus Notes 8 with the Internet password lockout feature Find a Lotus Notes user within NAB Deny Access groups Move a Lotus Domino server to a new certifier without a reinstall Troubleshoot Lotus Notes Out of Office (OOO) agent error messages Domino How DirLint verifies data in Lotus Notes Domino 8 directories An introduction to Lotus Notes password options and essentials Tivoli Directory Integrator synchronizes Notes Domino 8 directories Setting up RSS feeds in Lotus Notes Domino 8 Secure Lotus Notes 8 with the Internet password lockout feature Troubleshoot Lotus Notes Out of Office (OOO) agent error messages A batch file for Lotus Notes Domino maintenance on Windows Server 2003 Avoid Lotus Notes Domino email archiving ACL issues with AdminP Send pop-up admin messages to Lotus Notes users from Domino Server Update to Exchange Server 2003 Connector for Lotus Notes Lotus Notes Domino Antivirus Software and Virus Protection Online crime as ugly as ever McAfee sued for patent infringement Antivirus researcher Gullotto leaves Symantec for Microsoft McAfee products vulnerable to code execution flaw JavaScript worm spreads through Yahoo Mail Symantec AntiVirus Corporate Edition vulnerable to flaw Virus onslaught sickens smartphones New Sober variant hits inboxes Data shows spyware becoming 'global pandemic' Alleged virus spreader held without bond RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.