Since version 2011 vol 2, the eXpressApp Framework includes a preview of the Middle Tier architecture. XAF applications can now obtain data from the application server, thus preventing the client application from direct database connections.
To simplify creation of the application server, an Application Server v11.2 project template is available.
If your application connects to a datasource via the XAF Middle Tier Application Server, a good solution is to run the security engine on the server side. The Imporved Security System, which is now in a preview version, can be run using the Middle Tier Application server. A new Proxy security strategy is implemented for this purpose. Your secure data is much safer now as it will not leave the server.
With the new security, client XAF applications connect to the Middle Tier application server via WCF or Remoting. The client's ObjectSpace provides access to the Data Service. Specialized Proxy Security Strategy redirects security requests to the Security Service.