Quote:


i will probably have a copy of the business code running on the server at some 
point for some web services (unrelated to the rich-client) but still that code 
will be identical to the business code on the client, so does that really 
complicate things that much? what is the impetus behind your logic? 
performance, scalability, design? 

 
(end of quote)




Depends on your setup, but my primary concern would be security. On the service 
level, you can restrict access on a per-method basis, i.e. you have very 
fine-grained control over who may do what. On the database level however, the 
best you can get is restrict access on a per-table base, i.e. on a much coarser 
grain. 



For example, take an accouting app with two roles: Customers, who may read 
their own accounts, and managers who may read all accounts. If you work on the 
service level, it's easy to restrict access to the showAllAccounts() methods to 
role "manager". If you let the client access the database directly on the other 
hand, you have to grant it read acess to the accounts table for the 
showMyAccount() message - and this means that a potentially malicious client 
has full access to all accounts.
_________________________________________________________
Reply to the post : http://galaxy.andromda.org/forum/viewtopic.php?p=1735#1735
Posting to http://forum.andromda.org/ is preferred over posting to the mailing 
list!


-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
Andromda-user mailing list
Andromda-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/andromda-user

Reply via email to