But I’m really more interested in approaches, rather then real code. Like, what is considered bad/good practice. E.g. with DAO the problem is that I can’t simply send mapped object to client via json API, because security.