The other day I saw a post from Steve Zavocki “Quick Tip: Don’t Forget to Hide Views from Web Browsers” (http://notesspeak.blogspot.com/2015/09/quick-tip-dont-forget-to-hide-views.html) which reminded me of a technique I’ve used on XPages applications to restrict anyone from guessing a view name to peek at the data.
Simply create a $$ViewTemplateDefault FORM with a Computed Text element with the formula:
"<script>window.location=\"/" + @WebDbName +"\";</script"
Important: WordPress gave me a hard time about displaying script tags. You can copy this code directly, but will need to add a closing angle bracket (>) before the final quotation mark.
Then highlight the Computed Text and mark it as Pass-Thru HTML. Finally, save the form.
Any time a browser tries to open a view by guessing a name (ex. http://www.acme.com/db.nsf/all?OpenView), the browser will be redirected to the database name (in our example: http://www.acme.com/db.nsf), which then uses the Application Property on the Launch tab for “When opened in a browser” to direct it where you want users to go by default. It’s nice because this protects all your views in this database. Plus since the formula uses the @WebDbName function, you can copy this form and use it in any database.
( And if you are using some traditional web views in this same application, you can create specific a $$ViewTemplate for each of them.)
"<meta http-equiv=\"refresh\" content=\"0;URL='/" + @WebDbName + "'\" />"