Skip to Main Content
HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Status Under Consideration
Workspace Domino
Categories Security
Created by Guest
Created on Mar 14, 2019

Domlog is not reliable for authenticated users

The Authenticated requests is not reliable if I do a basic auth get request against a domino server and write any username and any password this username shows up as an authenticated request.

It would be good that we could rely on authenticated requests is an autenticated request.

  • Attach files
  • Guest
    Reply
    |
    Mar 15, 2019

    The same goes with the text versions of the logs. It could be that it's standard procedure for web servers to just log the principal as provided by the incoming request whether or not the user is eventually authenticated, but it'd at the very least make sense to change the labels in domlog to not say they're "authenticated".