Andrew Pollack's Blog

Technology, Family, Entertainment, Politics, and Random Noise

Had to perform and ugly hack today - to allow Domino web usernames with @ symbols.

By Andrew Pollack on 09/13/2006 at 04:09 PM EDT

I have a client who has a web based solution in which the users are passed from an outside system. The NCT SSO works great, but the usernames from the other site are actually EMAIL addresses. Domino will allow them to be logged in since the NCT SSO creates the token for them -- but putting email addresses in groups does not work for ACL's.

To get around this, I broke one of my cardinal rules. I modified the Domino Directory. Worse, I modified the most important view in the databases (or one of the two most important anyway). I modified the first column of "$ServerAccess". I did this to prevent stripping usernames from group membership that have "@" symbols in them.

There are many reasons why you shouldn't modify the Domino Directory. Security, Stability, Performance, and future upgrades can all be negatively impacted. Until we have time to modify the entire user management system to alter the usernames as they come in, this is the way we have to do it. In this particular case, since this is the only purpose for this server, the security risk is minimized. The performance risk is also minimized because I'm not creating a new view, and I'm actually simplifying the formula. Still, upgradeability becomes a problem.

I hope we can remove this hack soon, and handle users correctly. Still, I thought some of you might find this hack useful.


There are  - loading -  comments....

My own thoughts on this are...By Richard Schwartz on 09/13/2006 at 09:05 PM EDT
Can't you map the email address to a syntactically valid username during
authentication?


Other Recent Stories...

  1. 03/26/2019Undestanding how OAUTH scopes will bring the concept of APPS to your Domino serverWhile a full description of OATH is way beyond what I can do in this quick blog entry, I wanted to talk a bit about how "SCOPES" interact with the already rich authorization model used by Domino. Thanks to the fantastic work by John Curtis and his team, the node.js integration with Domino is going to be getting a rich security model. What we know is that a user's authorizations will be respected through the node.js application to the Domino server -- including reader names, ACLs, Roles, and so on. The way ...... 
  2. 02/05/2019Toro Yard Equipment - Not really a premium brand as far as I am concernedDear Toro Customer Service, I arm writing about the following machine: Toro Power Max 1120 OXEModel:38654S/N:31000#### Specifically, bearing part #:63-3450 This is the part ($15 online / $25 at the local dealer) that caused me to raise my objections on-line. This piece of garbage is supposed to be a bearing. It carries the shaft which drives both stages of the auger. The shaft passes through the bearing (which is what bearings do) after the auger drive pulley as the shaft goes through the back (engine ...... 
  3. 10/08/2018Will you be at the NYC Launch Event for HCL Domino v10 -- Find me!Come find me in NYC on Wednesday at the Launch Event if you're there. I really do want to talk to ...... 
  4. 09/04/2018With two big projects on hold, I suddenly find myself very available for new short and long term projects.  
  5. 07/13/2018Who is HCL and why is it a good thing that they are now the ones behind Notes and Domino? 
  6. 03/21/2018Domino Apps on IOS is a Game Changer. Quit holding back. 
  7. 02/15/2018Andrew’s Proposed Gun Laws 
  8. 05/05/2016Is the growing social-sourced economy the modern back door into socialism? 
  9. 04/20/2016Want to be whitelisted? Here are some sensible rules for web site advertising 
  10. 12/30/2015Fantastic new series on Syfy called “The Expanse” – for people who love traditional science fiction 
Click here for more articles.....


pen icon Comment Entry
Subject
Your Name
Homepage
*Your Email
* Your email address is required, but not displayed.
 
Your thoughts....
 
Remember Me  

Please wait while your document is saved.