The first meeting of the study group went well. We had 11 participants and it is not too late to still take part. Just post here and I will share with you the link to a Google Sheet where we gather our results and distribute tasks (e.g. study 1-x {with x of N+}) sample projects and explain them at the next meeting.
Thursday, 7th October 2021 at 7:30 PM (AEDST) on Zoom.
Here are the meeting details:
Please consider joining us on the 7th October 2021.
Good meeting last night. There is clearly a great deal of power in this solution. I decided to go ahead and get the course just to get up to speed with terminology that is unfamiliar to a desktop developer. I also have Holger’s book so hopefully this is going to be a really useful learning exercise.
At the meeting we talked about the importance of code obfuscation and Mathias demonstrated the obfuscation option when deploying the code; however, the resulting code did not appear all that obfuscated as far as we could tell. I’ve been researching this a bit and found this site that I think is useful background knowledge: https://blog.jscrambler.com/javascript-obfuscation-the-definitive-guide/
I actually agree. This is a huge issue with interpreted code. Even with things like building complex models in Excel and VBA which is what I have (for reasons of economic necessity) built through most of my working life. It is okay when you are employed by a bank and therefore they own the code and can do with it what they will. However, running a business on this would mean surrendering your IP to all and sundry. I think your main defence is that it is much easier to write code than to read it.
I’d like to give my 2 cents as I see this is a recurrent discussion about Web Core. I didn’t participate in the meeting, so I can’t speak about what was discussed there, specifically.
But when you talk about web applications, usually the discussion is a moot point. It’s inherent to web applications that the “source code” is always available.
If you visit any web page or web application: Facebook, Twitter, Google, Salesforce, etc., be it a public web application or a private web application, you will have the “source code” available, because a web application is simply HTML and JavaScript.
That’s also what happens with Web Core. You have to “publish” your source code (HTML+JS) to make it work. That’s what a web application is.
The key point here is that usually a web application (frontend) is tied to a server (backend). It’s the server that you don’t publish. You can see the “source code” of the whole Facebook “web application”, but it’s pointless because all the logic and security and relevant data are in their servers - just like it should be in yours.
In summary, my advice is don’t waste your time trying to obfuscate your web application, but instead, spend time building a solid, correct application architecture, where your sensitive code and data are managed by the server.
Totally agree with Wagner. The WEB paradigm is nothing remotely like what we’re used to in our Delphi applications - takes quite a bit of getting used to.
What is VITALLY important however is a secure encrypted authentication mechanism on both ends that will deny unauthenticated CRUD access on the Server side.
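The server-side check the last two posts argue for, as an added example that is not part of the thread or of any poster's code. It assumes a Python backend standing in for whatever server you run, an HMAC-signed login token, transport encryption (TLS) handled elsewhere, and hypothetical role names and sample data.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"   # assumption: kept on the server, never shipped in the JS
WRITE_ROLES = {"editor", "admin"}  # hypothetical role names
RECORDS = {1: "invoice A"}         # constructed sample data

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def sign(payload: str) -> str:
    return b64(hmac.new(SECRET, payload.encode(), hashlib.sha256).digest())

def issue_token(user: str, role: str, ttl: int = 900, now=None) -> str:
    """Called by the server after a successful login."""
    exp = int(now if now is not None else time.time()) + ttl
    payload = b64(json.dumps({"sub": user, "role": role, "exp": exp}).encode())
    return payload + "." + sign(payload)

def verify_token(token, now=None):
    """Return the claims if the token is authentic and unexpired, else None."""
    try:
        payload, sig = token.split(".")
        if not hmac.compare_digest(sig, sign(payload)):
            return None  # payload was altered or signed with another key
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except (AttributeError, TypeError, ValueError):
        return None      # missing or malformed token
    if claims["exp"] <= (now if now is not None else time.time()):
        return None
    return claims

def handle_crud(method: str, record_id: int, token, body=None):
    """Every CRUD request is checked here, whatever the browser code claims."""
    claims = verify_token(token)
    if claims is None:
        return 401, "authentication required"
    if method != "GET" and claims["role"] not in WRITE_ROLES:
        return 403, "forbidden"
    if method == "GET":
        return (200, RECORDS[record_id]) if record_id in RECORDS else (404, "not found")
    if method == "PUT":
        RECORDS[record_id] = body
        return 200, "saved"
    if method == "DELETE":
        return (200, "deleted") if RECORDS.pop(record_id, None) is not None else (404, "not found")
    return 405, "method not allowed"
```

Because the signing key and the role check live only on the server, reading or editing the published HTML+JS gives a visitor nothing that changes what `handle_crud` will allow.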