What is the Workstation Execution Control List (ECL)?

Environment
Product : Lotus Domino
Platform : PC
Version: r4.x, r5.x
Problem
What is the Workstation Execution Control List (ECL)?
Answer
The function of the workstation execution control list (ECL) is to protect user data files. It provides a mechanism for guarding against attacks by external applications, and for managing whether these external applications may execute and what access they are allowed.
The workstation ECL is set per user workstation, and the user can control every aspect in great detail. For example, the user can specify that if a document is signed by a trusted colleague, program code inside the document may execute and may access documents and databases and modify environment variables, but may not access the file system or external programs.
The workstation ECL uses digital signatures to verify executable code. When an attempt is made to execute code, Notes verifies the digital signature on the code and checks the settings in the user's workstation ECL to determine whether the operation may be performed or whether the user should be prompted.
If the code signer (or a matching entry) is found in the workstation ECL and the relevant capability is enabled, the code executes. If the signer is not found, or is found but the relevant capability is not enabled, a dialog box is displayed stating the operation to be performed, who signed it, and that the current workstation ECL settings do not allow the operation. In this case, the user has the following options: <prohibited>, <executed once>, and <trusted signer>. If the code is not signed, the "unsigned" entry is used to determine which rights are allowed.
Note: Executable code (stored in forms, buttons, action buttons, agents, and so on) is signed by its creator or last modifier. Code created before R4.5 does not contain a signature.
(1) The options in the workstation ECL and their functions, using R5 as an example
1) Workstation access options
When setting the workstation ECL, select from the following options:
Access option: what it allows formulas and code to do
Access the file system: attach, detach, read, and write workstation files
Access the current database: read and modify the current database
Access environment variables: use @SetEnvironment and @GetEnvironment (and their variants) and LotusScript methods to access the notes.ini file
Access non-Notes databases: use @DbLookup, @DbColumn, and @DbCommand to access a database when the first parameter of these @functions is the database driver of another application
Access external code: run LotusScript classes and DLLs that are unknown to Notes
Access external programs: access other applications, including activating any OLE object
Send mail: use functions such as @MailSend to send mail
Read other databases: read information from databases other than the current database
Modify other databases: modify information in databases other than the current database
Export data: print, copy to the clipboard, import, and export data
Access workstation security ECL: modify the ECL
2) Java applet options
When a Java applet runs in Notes, security restrictions are imposed on it. These restrictions are sometimes called the Java security "sandbox". This security model prevents damage from malicious code by defining the operations an applet can perform and the system resources it can access. The restrictions can be customized per signature by enabling the check boxes listed below.
Access option: what it allows the applet to do
Access the file system: read and write files on the local file system
Access Notes Java classes: load and call the Domino back-end object classes
Access network addresses: bind to and accept connections on privileged ports (port 0 to port 1024) and establish connections to other servers
Printing: submit print jobs
Access system properties: read system properties such as color settings and environment variables
Dialog and clipboard access: access the system clipboard and determine whether the "security flag" is displayed in top-level windows. The security flag is a visual prompt (usually a message such as "Java Applet Window") indicating that the window was created by a Java applet. It ensures that you do not inadvertently enter security-related information, for example by typing a password into a dialog box disguised as a password prompt. Enable this check box so that the security flag is not displayed.
Process-level access: create threads and thread groups, spawn and execute external processes, load and link external libraries, use non-public members of Java core classes, and access the AWT event queue
3) JavaScript options
The JavaScript ECL options control JavaScript that runs in the Notes client, whether it appears on a Notes form or on a web page displayed in the Notes browser. These options do not control JavaScript executed by other browsers, including Microsoft Internet Explorer, even if they are embedded in the Notes client.
The read and write options (under the general categories "allow read data from" and "allow write data to" respectively) control whether JavaScript can read or modify the JavaScript properties of the "window" object. The "window" object is the top-level object in the JavaScript Document Object Model. Its properties apply to the entire window. Protecting access to the "window" object protects access to the other objects on the page, because a JavaScript program cannot reach lower-level objects in the object model without first passing through the "window" object.
You can control the security of the read and write options for three different classes of "window" object:
"Window" object class: description
Source window: controls JavaScript access to the "window" object on the same page as the JavaScript code. This is usually a low security threat. This option does not prevent JavaScript from directly calling objects in the source window; such calls bypass the "window" object and are therefore not subject to ECL control. Read and write access is allowed by default.
Other windows on the same host: controls JavaScript access to the "window" object on a page other than the one containing the JavaScript code, where that page is on the same host as the page containing the code. For example, JavaScript code on one page at http://www.lotus.com/ can access the "window" object on another page at http://www.lotus.com. If two pages are in the same frameset, this option allows the two pages to interact. This is a higher security threat. Read and write access is allowed by default.
Other windows on different hosts: controls access to "window" objects on other pages in a frameset that come from different hosts; otherwise it is similar to "other windows on the same host". For example, JavaScript code on a page at http://www.lotus.com/ can access "window" objects on any other server. This is the highest security threat, because someone could design a frameset containing a page that performs malicious operations (for example, accessing data on another page in the same frameset that you "trust", where that page contains a password you entered or other sensitive information). Read and write access is not allowed by default.
4) Two additional ECL options control whether JavaScript running in the Notes client is authorized to open a new web page or Notes document.
The following options are available in the "enable" category:
Option: description
URL on the same host: controls access to open pages or Notes documents on the same host as the JavaScript code. Open access is allowed by default.
URL on a different host: controls access to open pages or Notes documents on a different host from the JavaScript code. Open access is not allowed by default.
(2) Recommended initial ECL settings
Name: allowed access
Default: access the current database, access environment variables, read other databases, and access non-Notes databases
No signature: access the current database, access environment variables, read other databases, and access non-Notes databases
Lotus Notes Template Development/Lotus Notes: all access types
*/Your own organization: all access types
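
The check described in the Answer section, applied to the recommended entries above, as an added Python sketch (not Notes or IBM code). The capability labels, the sample signer names, the `*` pattern matching, the fallback to the "Default" entry for unlisted signers, and the persistent effect of <trusted signer> are assumptions of this model.

```python
# Added illustration: a simplified model of the workstation ECL check, not Notes code.
from fnmatch import fnmatchcase

# Capability labels are made-up names for the workstation access options in 1).
BASIC = {"current_db", "environment", "read_other_db", "non_notes_db"}
ALL = BASIC | {"file_system", "external_code", "external_programs", "send_mail",
               "modify_other_db", "export_data", "modify_ecl"}

# The recommended initial ECL from section (2).
ECL = {
    "Default": BASIC,
    "No signature": BASIC,
    "Lotus Notes Template Development/Lotus Notes": ALL,
    "*/Your own organization": ALL,
}

def find_entry(ecl, signer):
    """Return the name of the ECL entry that governs code signed by `signer`."""
    if signer is None:                      # unsigned code
        return "No signature"
    if signer in ecl:                       # exact signer entry
        return signer
    for name in ecl:                        # matching wildcard entry, e.g. */Org
        if "*" in name and fnmatchcase(signer, name):
            return name
    return "Default"                        # assumption: fallback for other signers

def check(ecl, signer, capability):
    """Return ("execute" | "prompt", governing entry) for one attempted operation."""
    entry = find_entry(ecl, signer)
    allowed = capability in ecl.get(entry, set())
    return ("execute" if allowed else "prompt", entry)

def resolve_prompt(ecl, signer, capability, choice):
    """Apply the user's dialog choice; return True if the operation runs."""
    if choice == "prohibited":
        return False
    if choice == "executed once":           # runs now, ECL unchanged
        return True
    if choice == "trusted signer":          # assumption: persist the grant in the ECL
        current = ecl.get(find_entry(ecl, signer), set())
        key = signer if signer is not None else "No signature"
        ecl[key] = set(current) | {capability}
        return True
    raise ValueError(f"unknown choice: {choice!r}")

if __name__ == "__main__":
    for who in ("Alice Example/Your own organization", "Mallory Example/Elsewhere", None):
        print(who, check(ECL, who, "external_programs"))
```

In this model, <executed once> leaves the ECL untouched, while <trusted signer> widens it for every later operation by the same signer.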
