Hidden Design in XPages App

I’ve never been a fan of hidden design in Domino databases. If someone can read my Lotusscript code and understand what it does…. he has earned it… 🙂

Recently I got this XPage / Servlet app as an ntf with hidden design. I found this article.. Of course it does not work for properly removed Lotusscript code but it works for the Java code.
I created a nsf, archived it with some fake settings to my local workstation and I got the whole java code….. nice …

If you really want to protect your java code, put in a separate plugin and remove the source from it and use some obfuscators on it. But remember, everytime you hide your code, somewhere dies a young oak……

3 comments on “Hidden Design in XPages App
  1. Interesting. Hiding the design has never really shielded formula language, but I would have assumed Java was more like LotusScript – if it was hidden correctly, it was really hidden.

  2. Sean Cull says:

    We looked at adding automated obfuscators to Java some time ago but it became very complex because all of the Notes JAR dependencies needed to be specified.

  3. David leedy says:

    This was an issue years ago. Someone blogged about it and if I remember right one or maybe two business partners pressured IBM to pressure the blogger to take the post down. While I was not directly involved I was extremely pissed about that. I never really audio talked to IBMers outside a conference but A manager actually called me to “talk me down”. I told him if that would have been a NotesIn9 I never would have taken it down since the method to unhide was fairly common knowledge and even built into ytria I believe. I thought is was wrong to try and shelter this information which created a situation where some people know the issue and risks and others did not.