ADUG - TMS Web Core Study Group - Second Meeting

Hello Follks!

The first meeting of the study group went well. We had 11 participants and it is not too late to still take part. Just post here and I will share with you the link to a Google Sheet were we gather our results and distribute tasks (e.g. study 1-x {with x of N+}) sample projects and explain them at the next meeting.

Thursday, 7th October 2021 at 7:30 PM (AEDST) on Zoom.

Here are the meeting details:

Please consider joining us on the 7th October 2021.


1 Like

Bother, I forgot about daylight savings, and turned up at 8:30pm AEST.
What was discussed this evening?


I also missed (again) … Scott too … it seems I’m really bad at this. :slight_smile:

And me too


Rainer Sans

Skype “Ray Sans”

Good meeting last night. There is clearly a great deal of power in this solution. I decided to go ahead and get the course just to get up to speed with terminology that is unfamiliar to a desktop developer. I also have Holger’s book so hopefully this is going to be a really useful learning exercise.

Hecky dern - I missed it too. Caught up at work.

I will keep attending future ones though

The book arrived today and Im planning on buying the software this weekend

I have just watched this video, which explains quite a few things that I didn’t understand about Web Core previously.
TMS WEB Core: Building a contact form sending email

Well worth watching!



At the meeting we talked about the importance of code obfuscation and Mathias demonstrated the obfuscation option when deploying the code however the resulting code did not appear all that obfuscated as far as we could tell. I’ve been researching this a bit and found this site that I think is useful background knowledge :-

Hopefully it is useful to you as well.

But that’s all rather pointless, don’t you think?

It can always be easily de-obfuscated, i.e.: https: / / lelinhtinh. github. Io / de4js /

Of course too many obstacles can deter the lesser hackers, so perhaps not quite pointless.


I actually agree. This is a huge issue with interpreted code. Even with things like building complex models in Excel and VBA which is what I have (for reasons of economic necessity) built through most of my working life. It is okay when you are employed by a bank and therefore they own the code and can do with it what they will. However running a business on this would mean surrendering your IP to all and sundry. I think your main defence is that it is much easier to write code than to read it.

I’d like to give my 2 cents as I see this is a recurrent discussion about Web Core. I didn’t participate in the meeting, so I can’t speak about what was discussed there, specifically.

But when you talk about web applications, usually the discussion is a moot point. It’s inherent of web applications that the “source code” is always available.

If you visit any web page or web application: Facebook, Twitter, Google, Salesforce, etc., be it a public web application or a private web application, you will have the “source code” available, because a web application is simply HTML and JavaScript.

That’s also what happens with Web Core. You have to “publish” your source code (HTML+JS) to make it work. That’s what an web application is.

The key point here is that usually a web application (frontend) is tied with a server (backend). It’s the server that you don’t publish. You can see the “source code” of the whole Facebook “web application”, but it’s pointless because all the logic and security and relevant data is in their servers - just like it should be in yours.

In summary, my advice is don’t waste your time trying to obfuscate your web application, but instead, spend time building a solid, correct application architecture, where your sensitive code and data are managed by the server.


Totally agree with Wagner. The WEB paradigm is nothing remotely like what we’re used to in our Delphi applications - takes quite a bit of getting used to.
What is VITALLY important however is a secure encrypted authentication mechanism on both ends that will deny unauthenticated CRUD access on the Server side.

1 Like

Why is the heading for this topic prefixed with October 7 Melbourne ADUG Meeting in the Latest Topics List. All Categories

That’s because this topic was posted as a meeting (that shows on the calendar page).