Securing TableAdapters/xds files

Hi,

I'm new to the new dot net framework. In using vs 2003, my company
was using webservices which used dataadapters to retrieve and update
data; the web services were called from the presentation layer and were
on a seperate server from the presentation layer.

I've been interested in using the objectdatasource since there's so
much less coding involved. I tried using webservices using
tableadapters as business objects with these object datasources but
found that the webservices had to have a parameter for each field that
needs to be read or updated; this to me could be a maintenance
nightmare, especially if you have a table with a lot of fields.

In my experimentation I found that if you use an objectdatasource
and make the business object a tableadapter (the fill for retrieval and
the built in update function for the updates) you don't have to pass
any parameters, they seem to be provided for you. This is an ideal
solution for rapid application development except for one thing. I am
told that, even if you put the xsd files containing your table adapters
on another server than the presentation layer, this architecture works
out to be a 2 tier app from a security point of view (i.e. the same
user in the presentation layer is accessing the tableadapter queries as
opposed to web services which can be made more secure by giving them a
different "owner").

I was wondering if there is any literature or descriptions of how
tableadapters and/or xsd files can be made more secure by providing and
extra layer between the presenation layer and the data itself (in the
same way the web services on a seperate server acted as another layer).


Any help would be appreciated.

Thanks,
Fig

.

Relevant Pages

  • Re: Just tell me why ? so confuse...
    ... architecture in that case would have a presentation layer communicating ... performance hit caused by web services because we are gaining so much ... more towards our overall enterprise architecture. ... exposed a subset of those facades to other applications that needed to ...
    (microsoft.public.dotnet.framework.aspnet.webservices)
  • Web Services as Data Access Logic Component
    ... windows forms, a Business Logic ... Data access layer as the Microsoft data access application block. ... Business processes will take place both at the web services functions and the ... import them to the UI or to define them also in my presentation layer? ...
    (microsoft.public.dotnet.framework.webservices)
  • Problem updating with object datasource
    ... I've set up a web form with a grid ... and an objectdatasource (in my presentation layer). ... What I've found is that the web service parameters ...
    (microsoft.public.dotnet.framework.aspnet.webcontrols)
  • Problem with updating record with objectdatasource
    ... I've set up a web form with a grid ... and an objectdatasource (in my presentation layer). ... What I've found is that the web service parameters ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: Problem with updating record with objectdatasource
    ... One thing I have found out is that the name of the parameter variables that your web service method accepts should be identical to the names of the bound column names. ... If you have a colum data field called ID and firstName (these are listed in the objectDataSource parameters) then your webservice method should have these exact parameter names void update, etc. ... and an objectdatasource (in my presentation layer). ...
    (microsoft.public.dotnet.framework.adonet)