Two items from the Domino 7.0.2 readme

by Volker Weber

Domino 7.0.2 allows certain URLs, for example those that generate RSS feeds, to use Basic Authentication, even if Domino Session Authentication is in effect.

I understand why this feature is necessary. RSS readers cannot use Domino Session Authentication, so you can only provide unprotected feeds from Domino (7.0.1 or older) if you are using Domino Session Authentication (which you should). This would open up project databases which you want to monitor with RSS feeds. However, be very careful with this feature in 7.0.2. RSS readers will send user names and passwords in plain text for each refresh. Basic authentication is only encoded with Base64. You need to force the RSS feed into an SSL pipe.

Microsoft Outlook and Microsoft Exchange can be configured to send e-mail to other Outlook and Exchange users by encapsulating Microsoft-specific data in a Transport Neutral Encapsulated Format (TNEF) object. ... Beginning with Domino 7.0.2, the MIME itemizer now recognizes TNEF objects, pulls out any attachments which are encapsulated in a TNEF object, and adds those attachments to the message before writing it to the Domino router's mail box.

Halleluja.

Comments

No more winmail.dat ?
I'll miss them.

Tobias Mueller, 2006-07-08

Why would you consider session-based authentication (which I assume means cookie-based) preferable to HTTP basic authentication?

Stefan Tilkov, 2006-07-08

realizing that TNEF/winmail.dat is a completely proprietary format, and Domino implementing support for it is a concession to bad interoperability. Not sure we should be singing praises for it, but at least it removes one of the "it's not compatible with Microsoft" BS objections from the list.

Ed Brill, 2006-07-08

It's good for the customer.

Volker Weber, 2006-07-08

Thank You IBM to fix that winmail.dat issue! This is really a need! Thank You!

marco foellmer, 2006-07-08

The alternative to #1 would be to use an own web site for the feeds and to turn session authentication off just for that site.

Oliver Regelmann, 2006-07-08

Yup, that’s what we’ve done in the past, as our corporate single sign-on mechanism (entirely separate from Domino) doesn’t play nice with news readers at all.

Ben Poole, 2006-07-08

Stefan: Basic authentication sends passwords in the clear (effectively) on every single request from the browser. Session authentication sends it only once, during the login. So if you want to protect your passwords, you have to use SSL on all transactions with basic authentication. With session authentication it is true that a session cookie can be sniffed, but the vulnerability lasts only as long as the session, so SSL on the login is sufficient to protect against a permanently compromised account.

Richard Schwartz, 2006-07-10

Simply bouncing application/ms-tnef and the like at the inbound SMTP pipe with a permanent error solved this problem for me.

In other words:
In the beginning was the word. And the word was Content-Type: text/plain.

O:-)

Karsten W. Rohrbach, 2006-07-11

Recent comments

Thomas Cloer on Yahoo, Altavista, Google. Next? at 22:03
Götz Görisch on Android One ist überbewertet at 20:52
Jochen Kattoll on Yahoo, Altavista, Google. Next? at 16:59
Manuel Fischer on Android One ist überbewertet at 13:59
Stefan Pfeiffer on Yahoo, Altavista, Google. Next? at 13:06
Thomas Cloer on Yahoo, Altavista, Google. Next? at 10:12
Ragnar Schierholz on Chredge is here at 10:06
Roland Dressler on Surface Laptop 3 :: Ein blinde Empfehlung at 10:06
Lars Berntrop-Bos on Android One ist überbewertet at 09:52
Lars Berntrop-Bos on Android One ist überbewertet at 09:14
Lars Berntrop-Bos on Android One ist überbewertet at 09:11
Martin Loeschner on Yahoo, Altavista, Google. Next? at 08:36
Ulli Mueller on Yahoo, Altavista, Google. Next? at 00:05
Axel Laemmert on Yahoo, Altavista, Google. Next? at 21:23
Valentin Wölm on Yahoo, Altavista, Google. Next? at 19:51
Jochen Kattoll on Android One ist überbewertet at 18:40
Ragnar Schierholz on Yahoo, Altavista, Google. Next? at 18:01
Klaus Seibold on Yahoo, Altavista, Google. Next? at 16:59
Götz Görisch on Android One ist überbewertet at 16:58
Volker Barth on Yahoo, Altavista, Google. Next? at 15:50
Torsten Pinkert on Yahoo, Altavista, Google. Next? at 15:18
Holger Meier on Yahoo, Altavista, Google. Next? at 14:52
Felix Kluge on Yahoo, Altavista, Google. Next? at 14:45
Jochen Kattoll on Yahoo, Altavista, Google. Next? at 14:43
Nina Wittich on Surface Laptop 3 :: Ein blinde Empfehlung at 14:16

Ceci n'est pas un blog

I explain difficult concepts in simple ways. For free, and for money. Clue procurement and bullshit detection.

vowe

Contact
Publications
Stuff that works
Amazon Wish List
Frequently Asked Questions

rss feed  twitter  amazon

Local time is 02:40

visitors.gif

buy me coffee

Paypal vowe