Use Code access security LinkDemands. I believe this also protects against reflection.
http://samples.gotdotnet.com/quickstart/howto/doc/security/CodeIdentityDemand.aspx>How do you prevent a user(hacker) from utilizing the businessobject.dll to get access to the database?
>
>In the MM items, it has a getdatset method, by passing all the right keys, the user can get access to the database, and the data.
>Worst yet they can reference my dll and then use my own code against me in there app.(insert,deletes,updates)
>
>is mmApp available as a in the webframework as it is in the winforms framework?
>
>If so what i think i might do is in the business object is check to see if the user is logged in, if not then kick out of the business object.
>
>Thoughts?