thanx for the reply after modifying the doc, the client sends it to the server for processing (updating it in the DB etc.)
the problem isn't that the client will try to hack my code (the client for that matter are 3 (nice) guys sitting in a cubicle next to mine, and they have access to the vss... :) ). it's a matter of creating a robust design that will prevent ppl from doing any unintentional damage. i guess i could find a way for the server to identify docs that were 'illegaly' made writable by the client and refuse it, but i'm looking for a cleaner way in which the client cannot do any damage. the problem with the factory pattern is that in order for it to be 'exclusive' in its ability to create the doc, we need the doc's ctor to be internal, and the factory to be in the same assembly. once we do that, since the client has access to that assembly, it can create the factory itself (now all we've got to do is design a class that creates the factory that only the server can call. it's the exact same problem - we're back to square 1...) You can read messages from the DOTNET archive, unsubscribe from DOTNET, or subscribe to other DevelopMentor lists at http://discuss.develop.com.
