3-Tier
From: Barry (qwerty_at_uiop.com)
Date: 01/16/05
- Next message: Kevin Burton: "FileNotFound exception."
- Previous message: roland: "CAO: use Sponsor or renew license by Client?"
- Messages sorted by: [ date ] [ thread ]
Date: Sun, 16 Jan 2005 16:37:36 +0000
I'm working on what I presume to be a standard n-tier configuration, but
after searching the web and Usenet I still can't figure out a good way
to implement it.
The middle tier (henceforth "the server") handles persistence for the
business objects, and can do a few other things with them. 90% of the
presentation layer is standard insert/view/edit/delete. what the clients
can do is limited depending upon their credentials.
I'm doing this in C#/.NET. Assuming that the best way for the
presentation tier to access the business objects is marshal-by-reference
from the server, but I'm happy to be corrected if wrong. How should
security be implemented? Each object has to somehow know which operator
is accessing it. How can this be done in a way which prevents clients
from masquerading? How should the creation of new objects be handled?
I'm trying not to clutter the business classes with excessive
implementation-specific security code. In my preliminary implementation,
each property evaluates
bool f(Object subject, FieldInfo aspect, Operator op, Operation
operation)
passing a reference to the relevant object and field, the operator, and
insert/edit/view/append/delete. I'm still at the stage where this could
be easily changes for a better implementation.
I would be very grateful for any thoughts on the subject.
- Next message: Kevin Burton: "FileNotFound exception."
- Previous message: roland: "CAO: use Sponsor or renew license by Client?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
