|
[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] RE: SOAP-RPC and REST and security
Thank you, Michael. The idea of implementing that at the data access layer is good. My guess is that a goodly sized db (say, 4000+ fields and use of remote views) would present a challenge to the designer of the business rules. Also, any parts of the products that use remote views directly across the product would never see the business rules. Challenging. Note: this isn't related to this thread, but field level security comes up a lot these days. len -----Original Message----- From: Michael Brennan [mailto:Michael_Brennan@A...] It does add some overhead, but it also pays off in terms of affording rich functionality. Our software is explicitly designed to support a vendor's extranet for partners. The models for what privileges vendors wish to accord to specific partners can get fairly complex, and would be unmanageable IMO with a straightforward ACL model. The sort of business functionality requires the sort of flexibilty that our model affords. The field level security is accomplished by integrating it with our data access layer and keeping developers from hitting the database directly. So the overhead is largely just a matter of interpreting and reformulating SQL DML statements (based on customizable business rules) rather than just passing them blindly on through to the database.
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|
|||||||||

Cart








