Business Rules implementation techniques - Which one is better?
Business rules in client web pages(away from data)==================================
Developers tend to do this. But for a change in business rule, Need to recompile and redeploy the web applications.
Eventually, If you expose data through web service your application cannot make sure who is going to access which data, because web service consuming application will write their own set of business rules.
Data is in your hand but business rules are not in your control, every other consuming application will implement their own rules.
Managing/Maintaining business rules across different applications is difficult.
Change in business rule needs to be replicated in all the consuming applications.
Business rules in back end stored procedures(along with data)============================================
The above said points are valid & true for authorization rules and security rules also.
Please comment if you have any other thoughts.