Preventing users from accessing forms and views in a Web application

As you design an application users will access with a browser, you may want to restrict browser users from using URL commands that would open forms and views in your application. For example, you can design your application so that a servlet that uses forms or views will only use the forms and views using URL commands. With the "Don't allow URL open" property set, it will be impossible for browser users to manipulate these application components using Domino® URL commands.

To restrict users from opening parts of an application using URL commands

  • Select a database and choose Design - Design properties.
  • In the Web Access section of the Database properties box, select "Don't allow URL open."

The set of URLs that gets restricted is http://Host/Database.nsf/*Command. This set of URLs includes any command that will open a database such as http://Host/Database.nsf and all URL commands that are prefixed with a ?, such as http://host/database.nsf?OpenDatabase. When this property is set, the error displayed is:

Error 500

HTTP Web Server Notes® Exception - You are not authorized to access that database.