SECURING


Preventing users from accessing forms and views in a Web application

If you design a database application that users will access with a browser, you may want to restrict browser users from using URL commands that would open forms and views in your application. For example, you can design your application so that a servlet that uses forms or views will only use the forms and views using URL commands. With the Don't allow URL open property set, it will be impossible for browser users to manipulate these application components using Domino® URL commands.

Procedure

1. Select a database and choose Design -> Design properties.

2. In the Web Access section of the Database properties box, select Don't allow URL open.

Results

The set of URLs that gets restricted is http://Host/Database.nsf/*Command. This set of URLs includes any command that will open a database such as http://Host/Database.nsf and all URL commands that are prefixed with a question mark (?), such as http://host/database.nsf?OpenDatabase. When this property is set, the error displayed is:

Error 500

HTTP Web Server  Notes Exception - You are not authorized to access that database.

Parent topic: The database access control list