"Active content" includes anything that can be run on a user workstation, including formulas; scripts; agents; design elements in databases and templates; documents with stored forms, actions, buttons, hot spots; as well as malicious code (such as viruses and so-called "Trojan horses").

There are two kinds of ECLs: the Administration ECL, which resides in the Domino Directory (NAMES.NSF), and the workstation ECL, which is stored in the user's Personal Address Book (NAMES.NSF). The Administration ECL is the template for all workstation ECLs. The workstation ECL is created when the Notes client is first installed. The Setup program copies the administration ECL from the Domino Directory to the Notes client to create the workstation ECL.

The workstation ECL

A workstation ECL lists the signatures of trusted authors of active content. "Trust" implies that the signature comes from a known and safe source. For example, every system and application template shipped with Domino or Notes contains the signature Lotus Notes Template Development. Likewise, every template and database that your organization designs should contain the signature of either the application developer or the administrator.

For each signature, the ECL contains settings that control the actions that active content signed with that signature can perform and the workstation system resources it can access.

For a description of ECL access options, see ECL security access options.

How the workstation ECL works

When active content runs on a user workstation and attempts a potentially harmful action -- for example, programmatically sending mail -- the following occurs:

1. Notes verifies that the active content is signed and looks up the signer of the code in the workstation ECL.

2. Notes checks the signer's ECL settings to determine whether the action is allowed.

3. One of the following occurs:

1. If the signer of the code is listed in the workstation ECL and the appropriate setting is enabled, the active content runs.
2. If the active content attempts an action that is not enabled for the signer, or if the signer is not listed in the ECL, Notes generates an Execution Security Alert (ESA), which specifies the attempted action, the signer's name, and the ECL setting that is not enabled.
The ESA gives the user four options:
• Do not execute the action -- to deny the signer access to perform the specified action.
• Execute the action this one time -- to allow the signer access to perform the action only once. The ESA appears again if the same action is attempted in the future. This option does not modify the ECL.
• Start trusting the signer to execute this action -- to allow the action to be performed and modify the ECL configuration to add the signature of the active content to the ECL. This grants permission for the signer to execute the specific action any time on that workstation.
• More Info -- to display a dialog box that provides information about the design type, design name, Notes ID, signature status, and parent database of the code that caused the ESA.

For example, locally scheduled agents, as well as manual agents, can generate ESAs. Click "More Info" to get information about the agent that generated the alert.

See also

The administration ECL
Default ECL settings
Setting up Notes users
Customizing user registration

Glossary

Help on Help

Open Full Help Window

Glossary

Help on Help