Results tagged “Show and Tell Thursday” from ScottandMargo.net

By default, the Domino web server supports the HTTP TRACE method. Retina Network Security Scanner (and probably other security vulnerability scanners) treats this as a vulnerability because, for some web servers, HTTP TRACE can be used as a point of attack for information disclosure.

IBM has a technote out there called "Are there any known vulnerabilites in the Domino server related to HTTP Trace method?". The technote states that there are no known vulnerabilities with Domino R6's HTTP TRACE method, but it also includes instructions on how to disable it if the system owner wants. This is a good thing since it helps knock another hit off a network scan by the security folks. If you don't need the method, it's much faster and easier to make that hit go away than it is to explain why it's there and that it's not necessarily a big deal.

The easy way to disable the TRACE method is to uncheck the TRACE box in the Allowed Methods section on the Configuration tab of the site's Internet Site document, if the site is using them. Not all Domino web sites use Internet Site documents, and some can't (Quickplaces still can't, nor can Sametime). Those sites don't have this option, since there is no Allowed Methods section in a server doc.

For Domino sites that don't use Internet Site docs, you need to add "HTTPDisableMethods=TRACE" to the notes.ini. This disables the method for all sites on the server, by the way, so you can't pick and choose if you're not using Internet Site docs. You can add other HTTP methods here as well if you want to, but that's outside the scope of this SnTT posting.
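One way to confirm the change took effect, as an added example (not from the original post or the IBM technote): a probe that sends TRACE and checks whether the server echoes the request back. The local stub server and its 405 reply are constructed stand-ins for a Domino server before and after the setting; point `trace_enabled` at your own host and port.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


def trace_enabled(host, port, timeout=5):
    """Send TRACE / and report whether the server reflects the request."""
    marker = "trace-probe-constructed-value"
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("TRACE", "/", headers={"X-Trace-Probe": marker})
        resp = conn.getresponse()
        body = resp.read().decode("latin-1", "replace")
        # TRACE is live only if the reply is 200 and echoes our header back.
        return resp.status == 200 and marker in body
    finally:
        conn.close()


def make_stub(allow_trace):
    """Constructed local server: echoes TRACE when allowed, else refuses."""
    class Handler(BaseHTTPRequestHandler):
        def do_TRACE(self):
            if not allow_trace:
                # Assumption: a server with TRACE disabled refuses the method.
                self.send_error(405, "Method Not Allowed")
                return
            echo = (self.requestline + "\r\n" + str(self.headers)).encode("latin-1")
            self.send_response(200)
            self.send_header("Content-Type", "message/http")
            self.send_header("Content-Length", str(len(echo)))
            self.end_headers()
            self.wfile.write(echo)

        def log_message(self, *args):  # keep the demo quiet
            pass

    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def demo():
    """Probe the stub in both states and return the findings."""
    results = {}
    for label, allow in (("default", True), ("HTTPDisableMethods=TRACE", False)):
        server = make_stub(allow)
        try:
            results[label] = trace_enabled("127.0.0.1", server.server_address[1])
        finally:
            server.shutdown()
            server.server_close()
    return results
```

Because the notes.ini setting applies to every site on the server, running the probe against each hostname the server answers for should return `False` after the HTTP task has been restarted.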


I was skimming through technotes on the Lotus Support site and came across a technote (193337) that I hadn't noticed before, and since it's Thursday I figured I'd share because I haven't seen it anywhere else:

Does Sametime scan files for transferred viruses?

Without posting the whole content of the technote, what it's saying is that this functionality will be in Sametime 7.5. When I deployed Sametime in my current environment, lacking the ability to scan files in transit is the reason why I wasn't allowed to enable the file transfer functionality.

This feature is going to be as big for me as the new pretty UI on the client. Thank you IBM!


Here's the opinion piece.

I have mixed feelings on Show and Tell Thursdays. There's a lot of great information out there. The sharing of code tips and tricks is fantastic, but generally not useful to me as an admin. Best case for development tips is that I'll see something I recognize and pass it along to a developer I know. Reading positive news and "I was able to accomplish X in my company with Domino" stories is always great too.

Maybe I'm just not seeing them but I don't see a lot of admin SnTT writing. It's hard to make admin interesting. There are a lot of things I do during the day that may be interesting or useful to other people but it's hard to pull it out of the context of my day job and put it out there in a way that's understandable and useful to other people in their environment.

If I think of something that I can write about I'll try to get it out for Show and Tell Thursdays in the future (like I did this week). What I have decided to do in the spirit of SnTT when I don't have anything blogworthy to post is spend more time in the Notes.net forums and answer whatever questions I can in there. That way at least I'm contributing something back to the community on a regular basis. I'm trying to make it a habit because I know that the more I give back in finding answers to people's issues, the more I'll be prepared to deal with new issues of my own.



I'll put my thoughts on Show and Tell Thursday in a different post. Look for it (or not) soon. :P

Here's an admin thing that popped up again recently for someone I know. It took me a while to remember what the fix was and it takes some digging in Notes.net or Google to find it so it sounded to me like a good SnTT post.

This is for Sametime 6.5.1 on Windows. I can't vouch for other platforms. I haven't done this in R7 yet so I don't know if it has the same issue.

If you do a lot of partitioned Domino servers like I do, you tend to try to keep all of your server-specific files in the server's data directory. Even on servers that aren't partitioned I always put the notes.ini and the server.id in the data directory. It's one less step I need to do later if I need to migrate the server into a partitioned configuration.

There's a problem when you do this with Sametime 6.5.1 servers on the install. You get through the first part of the installation OK, but in the second section of the install, when it runs stsetup.exe, after you choose your directory type, the installer comes back with a "File does not exist" error. There are probably several conditions that can cause stsetup to throw this error, but in the environments I deal with, it's always been the same thing: stsetup is looking for notes.ini and the server id file in the program directory instead of the data directory.

The fix is to just copy those files into the program directory before the Sametime install and then copy them back to the data directory when it's done.



Creative Commons License
This weblog is licensed under a Creative Commons License.
