I am trying to make the code in a LotusScript library a little bit more difficult for reverse-engineering.
Obfuscation seems to be the path of least resistance, but I’ve found no obfuscation tools for LotusScript.
Comments and suggestions are welcome.
Subject: use .lss file
Move your LS code to .lss files which you include into your code, I’ve seen instances of databases with hidden design that were reverse engineerable.
Subject: where are .lss files stored?
Please correct me if I am wrong, but I believe the .lss files are stored in server’s data directory.
While this will hide the sources from remote users, they are still visible to users with read access to server’s file system.
Subject: Once the code is compiled, you no longer need the .lss file
Source code is not required for code to run, unless the source wasn’t compiled when it was saved (which can happen with shared actions that reference undefined variables and functions). So the lss files do not need to be present anywhere in the runtime environment.
However, I dislike doing this because then you get to have potential problems of different developers having different versions of the lss file stored on their disk, so that if the code fails for some reason it’s hard to be certain what version they were running. I prefer to have one template of reference with all code in the ntf, so that when you go to edit the code you know you’re using the most recent version.
Subject: You don’t need to obfuscate code…
…when you can use hide design instead and not expose the source code at all. If you don’t want to hide the entire design, you would maintain the code in a separate template of non-hidden design, replace the design into a hidden-design libraries template, and then inherit the design elements into the template or nsf where you didn’t want to expose the source.