New Domino based blogs seem to be popping up all over the place, recently I noticed Andrew Barker’s blog based on DomBlog from codestore.net and also John Vaughan with Jonvon.net based on FreeDomBlog.

I have to say that John’s site is the best looking FreeDomBlog template that I have seem.  The changes that he has made are just fantastic.  Wonder if he will send me a copy of his template 🙂

Further to my recent blog about securing a domino server for web access I noticed that Laurent deWalick has written an article with 5 basic steps that should be considered when creating a domino web application.

One new feature that I like in R6 is the Java Console.  If you start the domino server using the ‘-jc -c’ comand line switches it will start up a process called the ‘Server Controller’ which in turn starts up the domno server.

You can then use the Java Console ( jconsole.exe in the Notes program directory ) to connect to the server controller and thus see the normal console window.  The Java Console can also connect to any domino server that is running the Server Controller.

The only problem is that most of us run our domino servers as services that start automatically so starting the service in Server Controller mode takes a little registy hacking

Just open up your registry editor, go to the HKEY_LOCAL_MACHINESystemCurrentControllSetServices key and look for the Lotus Domino key.  In there you will find an entry called ImagePath.  Just edit that on and add the ‘-jc -c’ bit onto the end of what you see.  Reboot and then try out the Java Console.

Don’t forget, messing around in the registry could cause your machine not to function properly.  Always make a backup.

One thing I’ve been doing a lot of recently is Web Mail redirection databases.  I number of places are starting to implement web based mail for their users, some doing it right but unfortunitly some are cutting corners and leaving their servers wide open to attack.

When I have to lock down a domino web server that is open to the internet then here is what I do…

• Delete all templates
• Delete unrequired databases
• Only run the tasks needed by the server
• Add ‘Anonymous’ with No Access to all databases except where required.
• Set ‘-default-‘ to no access except where required.
• Set ‘Maximum Internet Name And Password’ to No Access except where required.

Does anybody else have any suggestions?  What do you normally look out for when securing a Domino server.