Notes/Domino XPages Development Forum - ?ReadViewEntries URL Command

This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal

~Laura Nimhipiskiikle

Nov 19, 2012, 9:52 AM

11 Posts

Resolved

?ReadViewEntries URL Command

Category: Other
Platform: All
Release: 8.5.3
Role: Developer
Tags: XML ReadViewEntries Security URL
Replies: 1

I have a database which is used for lookups by all users.

Users need to be able to open views in backend java / javascript, but should not have access via front end as some of the data is sensitive.

I know how to stop a user using the ?OpenView url command e.g. http://site/database/view?Openview - set the view property to launch an xpage.

I don't know how to stop a user using the ?ReadViewEntries url command e.g. http://site/database/view?ReadViewEntries to get an XML list of the view entries (which may contain sensitive data) other than removing any columns with sensitive data.

a) If I need to lookup to the sensitive data in backend I have a performance hit of retrieving the document from the viewentry rather than get a column value

b) If I need to lookup from the sensitive data then I have a security issue as the column cannot be removed.

So anyone know a way of preventing ?ReadViewEntries URL command ?

~Anita Minasterings

Nov 19, 2012, 2:25 PM

298 Posts

ACL?

Set your user access to No Access and then use SessionAsSigner to run your code with the rights of the signer of the XPage to get the information from the view and display it. Howard