I understand that CSLA check the object permissions in Csla.DataPortal.(Fetch/Update). But what happen if somebody removes or jumps the line "(!Csla.Security.AuthorizationRules.CanGetObject(objectType))" in the local CSLA dll, permissions are rechecked at the server side?
I need to create custom logins in the RDBMS for each user profile? Or I´m missing something?
Thanks in advance
No, it would not be. If you don't trust the client, you'll need to recheck on the server (and probably need to build two applications which communicate with each other, probably over web services).
See this thread for more discussion on this topic: http://forums.lhotka.net/forums/p/6248/30313.aspx
Copyright (c) Marimer LLC