Re: Script for find domino's users

["Simon Delicata" <sdelicata () planer co uk>]

This isn't a proof of concept, but more a probe for misconfigured database
ACL's.

If a Domino web server doesn't have a redirection URL for /mail/* mail
files, then you rely on the access control for each mail file.

Two things can be done to avoid this :

1 - Change the ACL on sensitive databases ( /mail/* , names.nsf ) to :
      Anonymous - No access
      [Default] - No access

2 - Within the Server Document for each server, ensure that "Allow HTTP
clients to browse databases:" is set to "No"

I believe that all versions of Domino server from 4.5 upwards are
suceptible to badly configured ACL's. Any good administrator would have a
hold of this already.



#!/usr/local/bin/php -q
<?

<snip>

</snip>

fclose ($fd);

?>