If the server is not allowed to touch or look at the type, it can't really check for correctness. Even if you did, there's the dange of breaking apps. > My thinking goes like: unenforced solution -> breakage in some client -> > CVE-2011-0815 Meh. The client should simply treat properties like user input - if you don't check it, the big boys will laugh at you. Cheers, Peter