Hidden Design in XPages App

I’ve never been a fan of hidden design in Domino databases. If someone can read my Lotusscript code and understand what it does…. he has earned it… 🙂

Recently I got this XPage / Servlet app as an ntf with hidden design. I found this article.. Of course it does not work for properly removed Lotusscript code but it works for the Java code.
I created a nsf, archived it with some fake settings to my local workstation and I got the whole java code….. nice …

If you really want to protect your java code, put in a separate plugin and remove the source from it and use some obfuscators on it. But remember, everytime you hide your code, somewhere dies a young oak……

3 thoughts on “Hidden Design in XPages App

  1. Interesting. Hiding the design has never really shielded formula language, but I would have assumed Java was more like LotusScript – if it was hidden correctly, it was really hidden.

  2. We looked at adding automated obfuscators to Java some time ago but it became very complex because all of the Notes JAR dependencies needed to be specified.

  3. This was an issue years ago. Someone blogged about it and if I remember right one or maybe two business partners pressured IBM to pressure the blogger to take the post down. While I was not directly involved I was extremely pissed about that. I never really audio talked to IBMers outside a conference but A manager actually called me to “talk me down”. I told him if that would have been a NotesIn9 I never would have taken it down since the method to unhide was fairly common knowledge and even built into ytria I believe. I thought is was wrong to try and shelter this information which created a situation where some people know the issue and risks and others did not.

Comments are closed.