F
fig000
Hi,
I'm new to the new dot net framework. In using vs 2003, my company
was using webservices which used dataadapters to retrieve and update
data; the web services were called from the presentation layer and were
on a seperate server from the presentation layer.
I've been interested in using the objectdatasource since there's so
much less coding involved. I tried using webservices using
tableadapters as business objects with these object datasources but
found that the webservices had to have a parameter for each field that
needs to be read or updated; this to me could be a maintenance
nightmare, especially if you have a table with a lot of fields.
In my experimentation I found that if you use an objectdatasource
and make the business object a tableadapter (the fill for retrieval and
the built in update function for the updates) you don't have to pass
any parameters, they seem to be provided for you. This is an ideal
solution for rapid application development except for one thing. I am
told that, even if you put the xsd files containing your table adapters
on another server than the presentation layer, this architecture works
out to be a 2 tier app from a security point of view (i.e. the same
user in the presentation layer is accessing the tableadapter queries as
opposed to web services which can be made more secure by giving them a
different "owner").
I was wondering if there is any literature or descriptions of how
tableadapters and/or xsd files can be made more secure by providing and
extra layer between the presenation layer and the data itself (in the
same way the web services on a seperate server acted as another layer).
Any help would be appreciated.
Thanks,
Fig
I'm new to the new dot net framework. In using vs 2003, my company
was using webservices which used dataadapters to retrieve and update
data; the web services were called from the presentation layer and were
on a seperate server from the presentation layer.
I've been interested in using the objectdatasource since there's so
much less coding involved. I tried using webservices using
tableadapters as business objects with these object datasources but
found that the webservices had to have a parameter for each field that
needs to be read or updated; this to me could be a maintenance
nightmare, especially if you have a table with a lot of fields.
In my experimentation I found that if you use an objectdatasource
and make the business object a tableadapter (the fill for retrieval and
the built in update function for the updates) you don't have to pass
any parameters, they seem to be provided for you. This is an ideal
solution for rapid application development except for one thing. I am
told that, even if you put the xsd files containing your table adapters
on another server than the presentation layer, this architecture works
out to be a 2 tier app from a security point of view (i.e. the same
user in the presentation layer is accessing the tableadapter queries as
opposed to web services which can be made more secure by giving them a
different "owner").
I was wondering if there is any literature or descriptions of how
tableadapters and/or xsd files can be made more secure by providing and
extra layer between the presenation layer and the data itself (in the
same way the web services on a seperate server acted as another layer).
Any help would be appreciated.
Thanks,
Fig