Business Objects separate from UI Question - hackers?? - Level Extreme

Level Extreme platform

Subscription

Corporate profile

Products & Services

Support

Legal

Français

Business Objects separate from UI Question - hackers??

Message

From

01/09/2004 14:05:12

David Foderick
Net Knowledge
Rancho Santa Margarita, California, United States

To

31/08/2004 09:46:41

Shawn Dorion
GeoSektor.com/Applications4u.com
Cardinal, Ontario, Canada

General information

Forum:

ASP.NET

Category:

The Mere Mortals .NET Framework

Title:

Re: Business Objects separate from UI Question - hackers??

Miscellaneous

Thread ID:

00937993

Message ID:

00938481

Views:

13

Use Code access security LinkDemands. I believe this also protects against reflection.

http://samples.gotdotnet.com/quickstart/howto/doc/security/CodeIdentityDemand.aspx

>How do you prevent a user(hacker) from utilizing the businessobject.dll to get access to the database?
>
>In the MM items, it has a getdatset method, by passing all the right keys, the user can get access to the database, and the data.
>Worst yet they can reference my dll and then use my own code against me in there app.(insert,deletes,updates)
>
>is mmApp available as a in the webframework as it is in the winforms framework?
>
>If so what i think i might do is in the business object is check to see if the user is logged in, if not then kick out of the business object.
>
>Thoughts?

~Dave
Net Knowledge

Click here to load this message in the networking platform