Quote:
i will probably have a copy of the business code running on the server at some point for some web services (unrelated to the rich-client) but still that code will be identical to the business code on the client, so does that really complicate things that much? what is the impetus behind your logic? performance, scalability, design? (end of quote) Depends on your setup, but my primary concern would be security. On the service level, you can restrict access on a per-method basis, i.e. you have very fine-grained control over who may do what. On the database level however, the best you can get is restrict access on a per-table base, i.e. on a much coarser grain. For example, take an accouting app with two roles: Customers, who may read their own accounts, and managers who may read all accounts. If you work on the service level, it's easy to restrict access to the showAllAccounts() methods to role "manager". If you let the client access the database directly on the other hand, you have to grant it read acess to the accounts table for the showMyAccount() message - and this means that a potentially malicious client has full access to all accounts. _________________________________________________________ Reply to the post : http://galaxy.andromda.org/forum/viewtopic.php?p=1735#1735 Posting to http://forum.andromda.org/ is preferred over posting to the mailing list! ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click _______________________________________________ Andromda-user mailing list Andromda-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/andromda-user