encrypt some form field values and not others is that they are not all
important if altered by a malicious user...
For instance. If I have a text box, I do not need to encrypt a date... My
checks to ensure that the text supplied in that field is a date will take
care of that. I encrypt important values that are used within queries:
SELECT *
FROM table
WHERE someId = Decrypt(form.idfield,"key")
This hides the type of values I am using to build the query with and it also
limits the data that is exposed to the end user.
Mike
> > Yes. All URL and FORM variables should be encypted.
> Especially if you
> > are using a fusebox methodology.
>
> I've tried this, but my users were really upset with prompts
> such as this:
>
> "Please Enter the Hash value of the date you would like"
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
