Since the IPP procedure requires the use of a destination code:


How do you plan on doing that? I'm not sure if a code full of zeros is the Community Edition Code for instance...

That could be a thing to add to the process to be honest, an "Allow everyone to use" it kind of option

Best regards,
PC

It doesn't need any activation code ... sssssst don't tell them :-)

I've asked about the IPP and it's purpose to the support once.
So here's what I understood about it.

As the name states it's designed to protect the source code of clients that specifically request that their code can't be used outside their organization.
Once you publish something on a server, it gets bound to that activation code. Activation codes, are bound to every other activation code within the same organization.
This way, between environments of the same customer, no IPP rights are required. IPP will only be required between non-bound activation codes, unless the owner of the original code asks to block those rights.

Hope I didn't say anything wrong.
Now time for theories... :P

So what that means is that Outsystems has an internal database with clients and respective activation codes, where the information of wich allow their code to be used outside their organization is included.

Since that is sensitive/ever changing information, a connection to Outsystems is required to validate IPP. One possible solution would be a WebService, or something of the sort, that would simply return a boolean indicating whether the given activation code has requested privacy or not (Service Studio/Center would have to do this).
The cost of this is it would slow down publishing actions, as well as copy/paste actions (since you can't copy/paste code between non-bound activation codes either) because a connection request & reply would be required. It would also be susceptible to network configuration, so problems could occur depending on the network. Security wise it would also expose an interface to a susceptible Outsystems database, even if it was just a boolean being returned.

Also, it would probably imply that a larger part of the ipp generating/decoding algorithm was local, so easier to crack.
I've sucessfully and easily got a hold of the salt the platform uses to hash ServiceCenter passwords in the past, just because it's present client side.

Edit: I misread your initial post, LOL, and after all that talk... Anyway, simply removing IPP from posted eSpaces would just break the basic principle as well. Since it would provide a way for users to unlock locked code. I guess it wouldn't harm, doing a server side check on the post action for oml, xif and osp files, not removing IPP for "locked" activation codes... :P

Basically, I don't think it's that simple to see IPP change soon, so we'll probably have to keep dealing with that for a while. (And yes, IPP gets on my nerves most of the times as well :P)

if you upload an component, then outsystems should be able to remove the ipp server-side.
makes life so much easier.

and when people post oml's in forums to check for us, we should be able to check that oml easily for the issues.
Perhaps a read-only version, you can publish it to the server but you cannot edit it(?)

how does IPP actually protect the code from being published on an unauthorized server?

Example:
"Company A" hires developer "X,Y,Z", developer X, decides to take the solution home with him, but he finds that he is unable to publish the Solution on his own server.

Next he visits https://www.outsystems.com/ipp to authorize the solution, on his own server, outsystem removes the protection and sends him a copy.

how does this protect "Company A"?

Ho Ho Ho STOP STOP this posts 

My only message was: if you post an OML on this forum, remove the IPP before you post it.
Removing IPP simply load it up on www.outsystems.com/ipp and DON'T fill an activation code 

Hi

This method for removing IPP is not valid anymore.
How can I do it if when I need to publish a component in outsystems forge?

Hello Patrícia,

the new Forge removes IPP automatically.

Best Regards.

Hello,
Nice to know that..I didn't knew about this new Forge's feature.
Well done guys..

another hidden feature :)

And in the Forum? Is the IPP automatically removed as well?