Bernie van't Hof wrote:

> In the last few years we have seen an explosion of ways to move more and 
> more of the app to the client. This makes sense as it lightens server load 
> and reduces duplication eg validation. However it also creates security 
> implications and exposes source code.

You absolutely have to enforce all business and security rules on the server 
side.  Insert/update/delete logic, as well as row and field access 
restrictions.  As you have noted, this cannot be accomplished on the client.

You can choose what rules to duplicate on the client to improve performance 
and/or user experience.

--
Larry DiGiovanni