I'm working on the web app which will be hosted on the client's server.
There are various restrictions/security measures in place and I'm concerned that these can be "hacked" because the client will have a direct access to the ASP.Net user database through the SSMS.
I can think of few ways to stop the user from doing this, but I'm interested to find out whether there are any specific standards that I should follow?
If the client has direct administrative access to the database, there's not much you can do. If these are the client's login details - why is this then a problem?