I recently tried sharing an OAP (OutSystems Application Package) file with another user, but they encountered an IP protection error, preventing them from opening or publishing it in their environment.
Out of curiosity, I renamed the OAP file to ZIP and extracted its contents. Inside, I found OML (OutSystems Module) files, which I was able to open and edit in Service Studio without any restrictions.
This leads me to a few questions:
I would appreciate any insights on whether this is an intentional design or a potential security issue.
Thanks in advance for your help! 🚀
You can verify whether the Protection is enabled on your environment by going to Service Center -> Administration -> Licensing, where you should be able to find an entry like the one below:
"Intellectual Property
When "Protected", assures the Components, such as eSpaces and Extensions, created in your Platform Server can only be published to servers of the same Infrastructure. When "Unprotected", Components created in your Platform Server can be published to any other Platform Server."
If it's unprotected and you want it to be protected, you can reach out to OutSystems Support.
Hi @SangWoo Jee,
If you want to share OML or OAP with other users, please use this tool to share the file instead of direct sharing.
IPP: Intellectual Property Protection (IPP) Rights Validation
Thanks,
Kundan Chauhan
@SangWoo Jee You can unzip the .oap file by renaming it to .zip and extracting the module files.
Since April 2021, licenses issued have IPP unprotected by default, allowing applications to be deployed to other infrastructures. (Ref: https://success.outsystems.com/support/licensing/outsystems_intellectual_property_protection_ipp/)
However, if IPP is enabled, deployment of OAP, OML, XIF, or OSP files to other infrastructures is not possible (unless you do the IPP validation as suggested by @KUNDAN CHAUHAN). If deployment is happening despite this, it means IPP is unprotected. Could you please verify this at your end?
Does the IPP protection setting depend on the configuration I choose?
From what I understand, since April 2021, OutSystems licenses are unprotected by default, allowing applications to be deployed across different infrastructures.
However, if IPP protection is enabled, deployment of OAP, OML, XIF, or OSP files to other infrastructures is blocked.
So my question is:
I’d appreciate any clarification on how IPP protection settings work and whether it’s something I can control based on my needs.
Thanks in advance!
Thank you.
Even with IP Protection set to "Protected," OAP files can still be extracted and accessed. Is this expected behavior?
I checked my Intellectual Property Protection (IPP) settings, and as shown in the screenshot, my environment is set to "Protected" for both Limit and Usage.
However, when I shared an OAP file with another developer, they were able to rename it to a ZIP file, extract its contents, and access the OML files inside.
This raises some concerns:
I’d appreciate any clarification on how IPP works in this case and whether additional measures are needed to secure the source files.
Even with IP Protection set to "Protected," OAP files can still be extracted and accessed. Is this expected behavior? - Yes. This is the expected behaviour.
You can even open the OML files extracted from the OAP in Service Studio; however, one will not be able to publish them to another environment.
Or copy any code from the module to another one, unfortunately.
Is it possible to change the settings for individual users?
Is there a way?
From 'Protect' settings to 'Unprotect' settings.
Protected/Unprotected is based on the license file applied and is the same for all users in the system.
However, you can restrict your developers' access (e.g., access to specific applications) by setting up permissions using LifeTime: https://success.outsystems.com/documentation/11/managing_outsystems_platform_and_application_lifecycle/manage_it_users/understand_the_permission_model_for_it_users/