Eh, you say "worst security hole in Domino ever", I say "Domino server-side security has always been a shared delusion". Po-tay-to, po-tah-to.

@1, Jesse, I don't disagree about the shared illusion, but it's one thing to have code running as a user, it's a completely different (and much more scary) thing to have all authentication bypassed by adding a simple HTTP header. You generally have a level of trust in the developer or signer of code. You generally have complete and utter distrust of any drive-by hacker trying to gain access to the server.

It's definitely an additional potential attack vector - there's no getting around with that. My stance is that it's not, when clamped down to a local adapter or LAN, more worrisome than the bevy of other ways to gain heightened access when the attacker has access to run code on the server.

That said, I totally get why an admin would decide that getting accurate remote hosts and connection information in the requests/logs isn't worth the lost sleep.

HTTPEnableConnectorHeaders=1 should only be set on systems that are using the WebSphere plugin to enable another web server to act as a front-end to the Domino web server. This is the only time this setting should be enabled. This setting is not needed with reverse proxy implementations. When this setting is enabled, only the front-end web server should be given access to the Domino web server. This restricted access can be configured using the example for "Allow access only from two trusted proxy servers" in the Domino Administrator Help document "Restricting access by IP address on the Web server" { http://www-01.ibm.com/support/knowledgecenter/SSKTMJ_9.0.1/admin/conf_restrictingaccessbyipaddressonthewebserver_t.dita?lang=en }