
programmatic security in data access or bus logic tier?

I'm designing an IIS/MTS/SQL7 application with some complex data access
security requirements. Would it make more sense to encode this in the
business logic layer or the data access layer?

Access is driven by business rules; but on the other hand, it might make
more sense to implement this deeper, in the data access layer.

Any thoughts?
[374 byte] By [Flacco] at [2007-11-9 23:50:36]
# 1 Re: programmatic security in data access or bus logic tier?
Personally, I like to store the rules/security as deep down as possible (i.e., into the database); this mitigates the issue of an attacker bypassing the
business logic.

That way, if someone fires up Excel to access the data directly, there's still
only one set of rules being enforced.

"Flacco" <Flacco001_REMOVE_@twilight-systems.com> wrote:
>
>I'm designing an IIS/MTS/SQL7 application with some complex data access
>security requirements. Would it make more sense to encode this in the
>business logic layer or the data access layer?
>
>Access is driven by business rules; but on the other hand, it might make
>more sense to implement this deeper, in the data access layer.
>
>Any thoughts?
Michael Howard at 2007-11-12 0:15:16
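
The approach in the reply above, sketched in T-SQL as an added example (not code from the thread): callers get no rights on the base table, and a view plus a stored procedure carry the rules, so the application and a direct client such as Excel hit the same checks. The table, view, role and procedure names are hypothetical, and the sketch assumes each user connects under their own SQL Server login and that all objects share the owner dbo.

```sql
-- Constructed schema: every object name here is hypothetical.
CREATE TABLE dbo.Orders (
    OrderId    INT IDENTITY(1,1) PRIMARY KEY,
    OwnerLogin SYSNAME     NOT NULL DEFAULT SUSER_SNAME(),
    Amount     MONEY       NOT NULL,
    Status     VARCHAR(10) NOT NULL DEFAULT 'open'
);
GO
-- One role for every caller, whether it arrives via the app or an ad hoc client.
EXEC sp_addrole 'OrderClerks';  -- CREATE ROLE OrderClerks; on SQL Server 2005 and later
GO
-- Read rule: a caller sees only rows recorded under their own login.
CREATE VIEW dbo.MyOrders AS
    SELECT OrderId, Amount, Status
    FROM dbo.Orders
    WHERE OwnerLogin = SUSER_SNAME();
GO
-- Write rule: only the owner may change the amount, and only while the order is open.
CREATE PROCEDURE dbo.UpdateOrderAmount
    @OrderId INT, @Amount MONEY
AS
BEGIN
    SET NOCOUNT ON;
    IF @Amount <= 0
    BEGIN
        RAISERROR('Amount must be positive.', 16, 1);
        RETURN 1;
    END
    UPDATE dbo.Orders
       SET Amount = @Amount
     WHERE OrderId = @OrderId
       AND OwnerLogin = SUSER_SNAME()
       AND Status = 'open';
    IF @@ROWCOUNT = 0
    BEGIN
        RAISERROR('Order not found, not yours, or already closed.', 16, 1);
        RETURN 1;
    END
    RETURN 0;
END
GO
-- No direct table rights; ownership chaining lets the view and procedure reach the table.
DENY SELECT, INSERT, UPDATE, DELETE ON dbo.Orders TO OrderClerks;
GRANT SELECT  ON dbo.MyOrders          TO OrderClerks;
GRANT EXECUTE ON dbo.UpdateOrderAmount TO OrderClerks;
GO
```

If the middle tier connects under a single service account instead, SUSER_SNAME() returns that account for every user, so the caller's identity would have to be passed in and checked another way.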