New databases are created on a server using database templates which determine the design of the database. Some database template are supplied with Domino Software, but they can also be produced by third party vendors or in-house.
The database templates contain the database design, including scripts and agents. In particular, database templates also contain default settings for the access control list (ACL). In general it is recommended taking the following steps after creating a new database.
All ACL entries generated by the database template should be checked.
In particular, the authorisations for the "-Default-" entry should be checked. As a rule, the access level should be set to "No Access" or changed to this effect. Some templates grant excessive privileges (e.g. "Manager" rights) or may contain an incorrect designation of this standard set of rights. The template may contain the designation "-Default-" instead of "Default". In the newly generated database this will result in the incorrect entry "--Default--". As a result, the thus generated entry will no longer be recognised as the "Default" ACL entry by Lotus Notes. If this is the case, then the template must be corrected. The error results from the fact that on creating a database from a template the character "-" is placed as a delimiter in front of and after an entry which contains the character string "Default".
To control anonymous access, the user "Anonymous" should be entered and assigned the access level "No Access" right away.
The ACL must be configured in accordance with the access control plan for the database (see also S 4.120 Configuration of access control lists for Lotus Notes databases).
For every database an administrative server which carries out the "adminp" process that is responsible for the database and takes over administration of the database must be determined.
If it is necessary for the database to be accessed over the Web interface, then the settings associated with this must be made (see S 4.125 Instituting restrictions on access to Lotus Notes databases with browser access).
If the database data is to be protected during Web access, then enforcement of SSL protection must be enabled.
As a final measure, the database and its content (scripts, agents, views etc.) must be signed. A special Notes ID should be used here. This documents that the database has been checked and is released for safe (and as intended) use.
If databases contain scripts or agents which use Notes roles to execute certain actions, then the assignment of roles must be carefully planned. This presupposes that there is detailed documentation of the design available (in the case of third party products) or close co-operation with the database developers (where it is developed in-house). Generally where the database is designed in-house, the design must consider and build on the local security provisions and the administrative concept in use.
Additional controls:
Were all the settings checked after creation of a new database?
