.NET Remoting security

.NET Remoting security

Old forum URL: forums.lhotka.net/forums/t/8511.aspx

Antonio Sandoval posted on Wednesday, February 10, 2010

I understand that CSLA check the object permissions in Csla.DataPortal.(Fetch/Update). But what happen if somebody removes or jumps the line "(!Csla.Security.AuthorizationRules.CanGetObject(objectType))" in the local CSLA dll, permissions are rechecked at the server side?

 I need to create custom logins in the RDBMS for each user profile? Or I´m missing something?

Thanks in advance

ajj3085 replied on Wednesday, February 10, 2010

No, it would not be.  If you don't trust the client, you'll need to recheck on the server (and probably need to build two applications which communicate with each other, probably over web services). 

See this thread for more discussion on this topic:  http://forums.lhotka.net/forums/p/6248/30313.aspx

Copyright (c) Marimer LLC