Direct database access

As I understood from the documentation, the only way so far to access a database is by corresponding REST API (XData). Can I somehow connect to SQL Server or Oracle directly?

At this moment we support XData. Bob Swart also wrote an article for using Embarcadero RAD server with TMS WEB Core: 

Personally, I don't have the time to develop REST service just to be able to access my database  using this framework. Also, I believe that most of the people will not accept to pay for RAD Server just to be able to do the same, nor do I wish to have additional dependencies toward other services and technologies in my web application.

I was really looking forward to this product, but without direct DB access to mayor DB manufacturers I don't see the reason to switch from MVC. Pretty much any business application needs DB connection and the current approach is not satisfying (at least for me). I will still monitor the development of this framework and when you enable this feature will definitely buy the product.
1 Like

Creating a REST service for your database is exactly what TMS XData does out of the box.

Other than this, please see: 
Bruno Fierens2018-07-06 11:40:05

TMS Web Core generates 100% client-side applications. None of the code runs in the server, so you should not and could not connect directly to the database. It's not a limitation of TMS Web Core, but of the (nice) architecture of the app it generates. You have security issue: your database user and password will be available in the browser for everyone to see, and all SQL statements would also be available. And you have technical issue: your users will have to have network access to the database, a client installed in each computer, etc.. 

On the other hand, creating a REST server that published your database is ridiculous easy with TMS XData. It's a matter of minutes, these videos show how it's done:

As it seams to me, the main problem here is that the entire application is actually a JavaScript file. Therefore, security is pretty much non-existent as the client can see everything he wants. Attacker can steal the application and sell it as it's own, analyze the application to do damage etc. And even if I use XData I don't see how the attacker is prevented to do damage as he himself can see username, password and all other relevant information about the intermediary service and manipulate it to do damage in the database itself. Please correct me if I am wrong or missing something here.

Maybe ISAPI/CGI should be offered as alternative outputs instead of pure JavaScript, even at the cost being just for Windows. At least the applications would not be so exposed. JavaScript just seams too risky for anything serious.

And as for the security regarding database connection.. I use user account impersonation and application roles, both in SQL Server. But, each would fail here as all relevant info would probably be in JavaScript file.

There is no silver bullet. If you prefer to have ISAPI/CGI, server-side generated HTML files, that's fine. That's what has been used for years until the advent of Single Page Applications. 

But to categorize the TMS Web Core solution as "too risky for anything serious" is an overstatement. Single Page Application is a more modern (meaning more recent) solution than ISAPI/CGI. It's what can be done using Angular, Vue.JS, React and many other modern client-side frameworks. It's just a different paradigm, not worse or better, but for sure widely used.