This article contains examples of code that could potentially be used to hack into a Domino Web site. DominoPower in no way endorses the practice of hacking. The code samples presented here are concrete examples of the methodologies used to compromise Domino security and are good learning tools in that respect.

It seems as if companies and their computers are being hacked on a continuous basis. Every day we get news reports of major Web sites whose content was tampered with. In fact, there's been so much panic about security issues that I think we need to really re-examine our procedures and get back to common sense.

Name and rank
To determine your susceptibility to security breaches, you must first decide what category you fit in. Your company is either high risk or low risk. High risk companies are: any government agency (CIA, NSA, etc.), any company with a massive audience (Yahoo, CNN, etc.), or any company engaged in very controversial activities (pro-choice groups, National Rifle Association, etc.).

If you're not in one of the above groups, then you're probably low risk. People don't seem to want to believe this, but it's true. Hackers hack into government agencies because it's a historical right of passage for them and because they feel there are some dark secrets hidden within the bureaucracy that they want to uncover. Hackers break into companies with large audiences because hacking is like graffiti: the larger the billboard the more people can see you were there and what you have to say. Lastly, they break into companies engaged in things they find personally repugnant and are willing to face punishment by attempting to disrupt them.

I'm not here to defend hacking. I think it's silly and, as I'll illustrate, a big waste of time. Also, I personally have an aversion to ever hearing the words, "The United States of America versus Steven Campbell." Talk about one-sided… Still, people do hack, and there are ways to break into Domino Web sites and compromise Domino security.

The enemy
I'm going to go backwards and first start talking about the least likely security breaches and then move up to the most common. This is because attention seems to be paid to them in this very order.

The distant third most common form of security breach is outside attack. That is, an attack by some person not connected with your company in any way. They may be 16 year-old hackers with no homework that night or sophisticated industrial spies selling information to your competitors. People also lump anarchists in here as potential attackers. I know we programmers may seem messy, but programming is structured and follows strict rules that must be adhered to. No self-respecting anarchist has "Programmer" on his or her business card.