Dennis' Domino Blog
« DCT cost me some time todayTop gear's new season starts this sunday! »

Re: New websecurity feature in Domino 8.5?

  11/13/09 13:40, by dennisvr, Categories: Administration, Lotus, Quickr
In regards to my post about a week ago, I'd like to offer to solution myself. Read the original here: New websecurity feature in Domino 8.5?.

This behaviour originates in Quickr. Excerpt from the qpconfig.xml file:
      security
      =============
      This section controls several security related settings..


        xss_protection
        ===============

        attribute   value    default  description
        =========   =====    =======  =========== 
        enabled     true               uses default and custom filters to check for XSS URL and data field attacks				
                    false    yes       uses only filters provided in qpconfig.xml, and only for URL attacks. 
                                       If none are specified, doesn't filter at all 

        xsrf_protection
        ===============

        attribute   value    default  description
        =========   =====    =======  =========== 
        enabled     true               compares NonceToken values found in URL and server session for URL attacks
                    false    yes       will not compare NonceToken values. 


Very nice IBM!! Full documentation here.

No feedback yet

Yet another Domino/Websphere Admin blog.

About me:
Lotus Notes/Domino Admin
Websphere Commerce Admin
sceptic
critic



Search

  XML Feeds

Planet Lotus

blog tool
 

©2014 by Dennis van Remortel

Contact | Help | Blog template by Asevo | blog engine | cheap hosting | adsense