programmatic security in data access or bus logic tier?



Thread: programmatic security in data access or bus logic tier?

  1. #1
    Flacco Guest

    programmatic security in data access or bus logic tier?


    I'm designing an IIS/MTS/SQL7 application with some complex data access
    security requirements. Would it make more sense to encode this in the
    business logic layer or the data access layer?

    Access is driven by business rules; but on the other hand, it might make
    more sense to implement this deeper, in the data access layer.

    Any thoughts?




  2. #2
    Kurt Guest

    Re: programmatic security in data access or bus logic tier?


    I have some of the same concerns. It is one thing when you are dealing with
    Internet vs an internal application. There are some previous discussions
    on this topic, which mention using the built-in security in the MTS. This
    to me makes sense for Internet applications. In my case we want to use the
    same Business logic and persistent objects for both internal and external
    access. My concern is that internally, what is stopping someone else from
    using a machine previously logged into the system (say overnight) and doing
    as they please without having those rights?
    In my case I pass the username and password to the Data objects when I fetch
    the data. The username and password I get from having a login screen and
    creating a CCurrentUser global object in the business logic.
    This has been tested on my own system but not on the MTS (we haven't installed
    yet).
    I would be glad to hear any responses because I'm also new to this type of
    development and there doesn't seem to be much documented when it comes to
    security issues and databases.

    Kurt
    "Flacco" <Flacco001_REMOVE_@twilight-systems.com> wrote:
    >
    >I'm designing an IIS/MTS/SQL7 application with some complex data access
    >security requirements. Would it make more sense to encode this in the
    >business logic layer or the data access layer?
    >
    >Access is driven by business rules; but on the other hand, it might make
    >more sense to implement this deeper, in the data access layer.
    >
    >Any thoughts?
    >
    >
    >


