Clik here to view.
XPages: Running Google’s Chrome V8 Javascript Engine
After answering a question on Stackoverflow.com about the Prototype problematic in the XPages SSJS engine, I thought of running another Javascript engine on top of Domino. While you can use the...
View ArticleClik here to view.
XPages: WebContent Files (1) – Create a file using the Java NAPI
The great Marky Roden has written an interesting article about using the WebContent folder instead of standard domino design elements. To create or manipulate these files programmatically, you can use...
View ArticleClik here to view.
XPages: WebContent Files (2) – Manipulate exitsting files using the Java NAPI
In this article, I will shortly give an overview how you can edit existing file from the WebContent folder (Don’t miss the first article on this topic). First, let’s create a view to display the design...
View ArticleClik here to view.
XPages: WebContent Files (3) – Create a Minimizer Servlet
Because of Stefano Fois comment I decided to write an example about how to create a minimizer servlet for Domino which compresses JavaScript resources on the fly. This is, again, a simple...
View ArticleClik here to view.
REST & Security: CSRF Attacks
In this post I will demonstrate how a do a CSRF attack against a XPages REST service. Let’s assume that we have a custom REST service on a XPage. To keep the example as simple as possible, this service...
View ArticleYii: GridView’s selectionChanged not working on iOS
I had a strange issue with TbGridView‘s (YiiStrap‘s version of CGridView) selectionChanged event: In all browsers, the defined function was executed when a row was selected, but not on devices with iOS...
View ArticleClik here to view.
Hardening SSH vs. Eclipse RSE
After hardening the SSH configuration on a Debian server by removing unsecure ciphers and MACs I got in trouble with Eclipse Remote System Explorer. When trying to open the server, I always got an...
View ArticleSecurity: Usefull HTTP Response Headers
Here is a list of usefull HTTP headers for responses you should know about: X-Content-Type-Options When set to “nosniff“, this header will prevent browsers from MIME-sniffing a response away from the...
View ArticleDer Letzte macht das Licht aus!
Es ist schon faszinierend, wenn mans sich den Wandel in der Lotus Notes Welt näher vor Augen führt: Wäre man für das Einreichen von Themen ausserhalb der Domino-Welt vor ein paar Jahren noch geteert...
View ArticleClik here to view.
HowTo: Vaadin on Domino
This example requires a valid XPages Plugin Development Environment. The execution environment used is the XPages Domino JRE. 1. Create a new plug-in project and select “Equinox” as OSGi framework 2....
View ArticleClik here to view.
HowTo: Vaadin on Domino (2)
When running your own servlet, you eventually want to access the Domino environment. To do this, some changes has to be made to the HelloVaadin plug-in. 1. Open the “MANFIFEST.MF” and open the...
View ArticleClik here to view.
HowTo: Vaadin on Domino (3)
Let’s create another application, based on Vaadin’s AddressBook example. You can download the source code directly or grab the code from the repository; it is a single class file named “AddressbookUI”...
View ArticleClik here to view.
HowTo: Vaadin on Domino (4)
Now, let’s access some Domino resources. I have created a database named “VaadinResources.nsf“, containing a normal image resource, and an image added via package explorer to the “WEB-INF” folder:...
View ArticleClik here to view.
Raspberry Pi vs. IBM Bluemix – 1:0
I had some time last night (the whole family had gone to bed early), so I spent some to look at the XPages integration into Bluemix. I found the Greenwell Travel Expenses Demo: But after clicking a...
View ArticleClik here to view.
REST & Security: Same-Origin Policy / CORS
The “Same-orginin policy“ is an important concept for protecting web applications. In short, only resources from the same domain are allowed, everything else is permitted. To allow access other domains...
View ArticleIBM Bluemix: Filemode-Problems with GitHub
When creating your own build pack for IBM Bluemix applications (or other Cloud Foundry based solutions), it is required to set the correct file mode for the executables before initially pushing them to...
View ArticleRest & Security: A Stateless Token Servlet
I have uploaded some of my projects to GitHub, including an alpha version of a stateless token servlet. The servlet has it’s own authentication mechanism (the password is currently not validated), and...
View ArticleClik here to view.
Rest & Security: More about the DominoStatelessTokenServlet
During the last days I have refined the DominoStatelessTokenServlet a little bit. It is now a pre-beta release, and I think it is time to explain some details about it. While it is still a...
View ArticleREST & Security: Why HTTP GET is insecure (and the other methods too)
Yesterday René commented that submitting username and password with HTTP GET is insecure, because they are submitted in clear text over the wire as part of the URI. At the first moment, I did not give...
View ArticleXPages: Empty HTML5 Attibutes & PassThroughTags
A while ago I developed some HTML5 XPages applications, but the development process was a little bit frustrating because of the missing possibility to add empty attributes to a PassThroughTag. A...
View Article