DevX Home    Today's Headlines   Articles Archive   Tip Bank   Forums   

Results 1 to 2 of 2

Thread: programmatic security in data access or bus logic tier?

  1. #1
    Flacco Guest

    programmatic security in data access or bus logic tier?


    I'm designing an IIS/MTS/SQL7 application with some complex data access
    security requirements. Would it make more sense to encode this in the
    business logic layer or the data access layer?

    Access is driven by business rules; but on the other hand, it might make
    more sense to implement this deeper, in the data access layer.

    Any thoughts?




  2. #2
    Michael Howard Guest

    Re: programmatic security in data access or bus logic tier?


    personally, i like to store the rules/security as deep down as possible (ie;
    into the database) this mitigates the issue of an attacker bypassing the
    business logic.

    that way if someone fires up Excel to access the data directly there's still
    only one set of rules being enforced.

    "Flacco" <Flacco001_REMOVE_@twilight-systems.com> wrote:
    >
    >I'm designing an IIS/MTS/SQL7 application with some complex data access
    >security requirements. Would it make more sense to encode this in the
    >business logic layer or the data access layer?
    >
    >Access is driven by business rules; but on the other hand, it might make
    >more sense to implement this deeper, in the data access layer.
    >
    >Any thoughts?
    >
    >
    >



Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center
 
 
FAQ
Latest Articles
Java
.NET
XML
Database
Enterprise
Questions? Contact us.
C++
Web Development
Wireless
Latest Tips
Open Source


   Development Centers

   -- Android Development Center
   -- Cloud Development Project Center
   -- HTML5 Development Center
   -- Windows Mobile Development Center