Validating Domino Frameset Src Arguments

 Technote (FAQ)
 
Problem
The Domino autoframe feature uses the Src argument of the OpenFrameSet command; this argument is not intended for general use. An enhancement request was made to limit the use of the Src argument to the design notes in the same database as the frameset being opened.
 
Solution
This enhancement request was reported to Quality Engineering and has been addressed in Domino 6.5.4 Fix Pack 1 (6.5.4.1), Domino 6.5.5, and Domino 7.0. Refer to the Upgrade Central site for details on upgrading Notes/Domino to these releases.

To enable this setting, edit the notes.ini file and add the following line:
    DominoValidateFramesetSRC=1

This parameter is static: you must edit the notes.ini file manually and restart the server for the change to take effect.

With this setting enabled, when the Web Server OpenFrameSet command has a Src argument, the argument's value is validated to ensure that it designates a design note in the same database as the frameset being opened. This validation prevents improper use of the Src argument to redirect browsers to arbitrary Web sites, which is a possible security vulnerability. Note that the Src and Frame arguments are used by the autoframe feature and are not intended for general use.
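
On servers that cannot yet be upgraded or restarted, Web access logs can be reviewed for OpenFrameSet requests whose Src value points outside the frameset's own database. The script below is an added example, not IBM code and not Domino's own validation logic; the NCSA-style log format, the sample log lines, and the function names classify_src and flag_requests are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Request field of an NCSA-style access log line (the log format is an assumption).
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')
NSF = re.compile(r"^(/.*?\.nsf)(?:/|$)", re.I)      # database part of a path
SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*:", re.I)   # any URL scheme prefix

def classify_src(url):
    """None if url is not an OpenFrameSet request with a Src argument;
    otherwise 'same-db', 'outside-db' or 'external'."""
    path, _, query = url.partition("?")
    args = query.split("&")
    if args[0].lower() != "openframeset":           # URL commands are case-insensitive
        return None
    src = next((a[4:] for a in args[1:] if a.lower().startswith("src=")), None)
    if src is None:
        return None
    src = unquote(src).strip()                      # percent-decode the argument value
    if SCHEME.match(src) or src.startswith(("//", "\\")):
        return "external"                           # absolute or protocol-relative URL
    target = src.partition("?")[0]
    if target.startswith("/"):
        here, there = NSF.match(path), NSF.match(target)
        same = here and there and here.group(1).lower() == there.group(1).lower()
        return "same-db" if same else "outside-db"
    # Relative reference: stays in the database unless it climbs out of it.
    return "outside-db" if ".." in target.split("/") else "same-db"

def flag_requests(lines):
    """Return (url, verdict) for every Src value that leaves the database."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        verdict = classify_src(m.group(1)) if m else None
        if verdict in ("outside-db", "external"):
            hits.append((m.group(1), verdict))
    return hits

# Constructed sample lines (documentation addresses and hosts), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Feb/2006:10:00:01 +0000] "GET /apps/help.nsf/Main?OpenFrameSet&Frame=Body&Src=%2Fapps%2Fhelp.nsf%2FTopics%3FOpenView%26AutoFramed HTTP/1.1" 200 512',
    '192.0.2.11 - - [10/Feb/2006:10:00:05 +0000] "GET /apps/help.nsf/Main?OpenFrameSet&Src=http%3A%2F%2Fwww.example.net%2F HTTP/1.1" 200 498',
    '192.0.2.12 - - [10/Feb/2006:10:00:09 +0000] "GET /apps/help.nsf/Main?openframeset&src=%2Fmail%2Fuser.nsf%2FInbox HTTP/1.1" 200 498',
    '192.0.2.13 - - [10/Feb/2006:10:00:12 +0000] "GET /apps/help.nsf/Topics?OpenView HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for url, verdict in flag_requests(SAMPLE_LOG):
        print(verdict, url)
```

Requests reported as external or outside-db are the ones the DominoValidateFramesetSRC=1 setting is meant to reject; same-db values are what the autoframe feature itself generates.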
 
 
 

Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.
Document information
 Product categories: Software > Messaging Applications > Advanced Messaging > Lotus Domino > Lotus Domino Server
 Operating system(s): AIX, HP-UX, Linux, Solaris, Windows, i5/OS, z/OS
 Software version: 6.5, 6.5.4, 6.5.4.1
 Reference #: 1211961
 IBM Group: Software Group
 Modified date: 2006-02-10
