Welcome to the #dominoforever Product Ideas Lab! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated jointly by the IBM & HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino page.


Domlog is not reliable for authenticated users

The Authenticated requests is not reliable if I do a basic auth get request against a domino server and write any username and any password this username shows up as an authenticated request.

It would be good that we could rely on authenticated requests is an autenticated request.

  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Mar 14 2019
  • Attach files
  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    15 Mar 13:32

    The same goes with the text versions of the logs. It could be that it's standard procedure for web servers to just log the principal as provided by the incoming request whether or not the user is eventually authenticated, but it'd at the very least make sense to change the labels in domlog to not say they're "authenticated".