IT Baseline Protection Manual T 5.100 Abuse of active contents on access to Lotus Notes

T 5.100 Abuse of active contents on access to Lotus Notes

Functions within Lotus Notes databases are often implemented so that active components are executed when certain events occur (e.g. the input of data into a particular field). These active components, also known as agents, may be LotusScript or Java programs, for example. Execution of one agent can in turn trigger other agents (e.g. if an agent copies data to another database and this action triggers the execution of agents in the target database). Agents can be executed either on the server or on the client; both variants occur. In addition, when a database is accessed from the Web, the user interface may be implemented using active content (JavaScript, Java applets etc.) that is executed in the browser.

The Execution Control List (ECL) controls which active content may be executed in a Notes client and which authorisations are granted to that content, based on who signed it. If the ECL is incorrectly configured, the active content could be used to attack the client. The same applies to the Web interface, for which no ECL exists and which therefore relies entirely on the security mechanisms of the browser.
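To make the ECL decision concrete, here is an added example (not code from the BSI manual or from Lotus Notes) that models how an ECL resolves a request by its signer and audits a configuration for the misconfiguration described above. The entry names "-No Signature-" and "-Default-" and the capability names are assumptions modelled on the Notes client; both ECLs are constructed.

```python
"""Model of Notes-style ECL evaluation (added example, constructed data)."""
from typing import Dict, FrozenSet, List, Optional

# Special ECL entries (assumed names): "-No Signature-" governs unsigned active
# content, "-Default-" governs signed content whose signer has no own entry.
NO_SIG = "-No Signature-"
DEFAULT = "-Default-"

# Capabilities whose grant to unsigned/unknown code is a misconfiguration.
DANGEROUS = frozenset({"file_system", "external_programs",
                       "other_databases", "ecl_modify"})

ECL = Dict[str, FrozenSet[str]]


def applicable_entry(ecl: ECL, signer: Optional[str]) -> str:
    """Return the ECL entry that governs content signed by `signer`."""
    if signer is None:
        return NO_SIG
    return signer if signer in ecl else DEFAULT


def is_allowed(ecl: ECL, signer: Optional[str], capability: str) -> bool:
    """Decide whether active content from `signer` may use `capability`."""
    return capability in ecl.get(applicable_entry(ecl, signer), frozenset())


def audit(ecl: ECL) -> List[str]:
    """Findings: dangerous capabilities granted to unsigned or unknown signers."""
    findings = []
    for entry in (NO_SIG, DEFAULT):
        for cap in sorted(ecl.get(entry, frozenset()) & DANGEROUS):
            findings.append(f"{entry} grants {cap}")
    return findings


# Constructed weak ECL: unsigned and unknown code gets file system access.
WEAK_ECL: ECL = {
    NO_SIG: frozenset({"current_database", "file_system"}),
    DEFAULT: frozenset({"current_database", "file_system", "external_programs"}),
    "CN=Admin/O=Example": frozenset({"current_database", "file_system",
                                     "external_programs", "other_databases"}),
}

# Hardened variant: only the named, trusted signer keeps the wide grants.
HARDENED_ECL: ECL = {
    NO_SIG: frozenset(),
    DEFAULT: frozenset({"current_database"}),
    "CN=Admin/O=Example": WEAK_ECL["CN=Admin/O=Example"],
}

if __name__ == "__main__":
    for name, ecl in (("weak", WEAK_ECL), ("hardened", HARDENED_ECL)):
        print(name, is_allowed(ecl, None, "file_system"), audit(ecl))
```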

If the ECL is incorrectly configured, it would be possible via active content, for example,


© Copyright by Bundesamt für Sicherheit in der Informationstechnik, last update: July 2001