How do you handle situations where a client insists on a technical solution that violates security best practices or system constraints?