It depends on how far you want to go for Security.
What I do is have a Custom Tag called: Security.cfm
In that TAG, I check to make sure the person that
is requesting the deletion has access/authority to
do the delete.

Meaning if the person is an Administrator or has a
session.role of ADMIN or session.permissions containing
for form to make sure their actions are legit.

Then it would not matter if it was form, session, or url.
As long as it is being checked prior to deleting.


>>> [EMAIL PROTECTED] 09/16/03 10:38AM >>>
Hey all,

I've done this many times before, but I am now doing an application
where I need to be a bit more careful with regards to security.

What's the best way to delete a record?

When you Insert a record that's fine... no trouble there.

Updating? You could forward the ID as a Form field, and again there's
not a real issue.

But deleting. 
Don't want to pass the ID as a URL, so it can't be done from an HREF link.

What's the best way to do this from a single form, perhaps the same form
that performs the Modify feature?

Is it ok to pass an ID for a record to be deleted in the Form scope?
OR could the ID be set as a temporary Session variable that the delete
action section would detect and perform the delete on.

How do you all handle this?

-Gel
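
The approach from the reply at the top of this thread, sketched as an added example (this is not the poster's actual Security.cfm). Only the file name Security.cfm and the session.role value ADMIN come from the thread; the requiredRole attribute, the deleteRecord.cfm page, the appDSN datasource and the records table are hypothetical.

```cfml
<!--- Security.cfm: custom tag body (hypothetical; only the file name and
      session.role = ADMIN are taken from the thread) --->
<cfparam name="attributes.requiredRole" default="ADMIN">
<cfif thisTag.executionMode EQ "start">
    <!--- Deny unless the logged-in session carries the required role --->
    <cfif NOT StructKeyExists(session, "role")
          OR session.role NEQ attributes.requiredRole>
        <cfheader statuscode="403" statustext="Forbidden">
        <cfoutput>Not authorized.</cfoutput>
        <!--- cfabort ends the whole request, not just this tag --->
        <cfabort>
    </cfif>
</cfif>

<!--- deleteRecord.cfm: hypothetical action page that the form posts to --->

<!--- 1. Authorization runs first, before any request input is used --->
<cf_security requiredRole="ADMIN">

<!--- 2. Accept the delete only as a form POST with a numeric id,
         so it cannot be triggered from an HREF link --->
<cfif cgi.request_method NEQ "POST"
      OR NOT StructKeyExists(form, "id")
      OR NOT IsNumeric(form.id)>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfabort>
</cfif>

<!--- 3. Bind the id as a typed parameter so it is never concatenated
         into the SQL text --->
<cfquery datasource="appDSN">
    DELETE FROM records
    WHERE id = <cfqueryparam value="#form.id#" cfsqltype="cf_sql_integer">
</cfquery>
```

Because the role check happens on the server before the DELETE runs, the scope that carried the ID (form, session, or url) does not decide whether the delete is allowed.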


