1) always return BOTH a message AND a resultset, but if the user doesn't have the appropriate privs, return an empty resultset. Check the message using cfif.
or 2) if the user doesn't have the appropriate privs, raise an error in the proc, and catch that with cftry/cfcatch in coldfusion. Since you can assign an error number and message (RAISE_APPLICATION_ERROR in pl/sql) which will then be available to your cf code through cfcatch.message, you can distinguish between a security error and an other database error. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:224520 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
