RE: SQL Server -> MS Access "Autonumber"?

Andy Ewings Mon, 16 Oct 2000 07:26:07 -0700
OK, but I'm not suggesting for one minute you pass the ID across in the
URL....I tend to store it as a Client variable in a DB.  All I need to pass
in the URL to maintain state is the CFID and CFTOKEN and only if the user
has session level cookies turned off

------------------------------------------------------------------ 
Andrew Ewings
Project Manager
Thoughtbubble Ltd 
http://www.thoughtbubble.net 
------------------------------------------------------------------ 
United Kingdom 
http://www.thoughtbubble.co.uk/ 
Tel: +44 (0) 20 7387 8890 
------------------------------------------------------------------ 
New Zealand 
http://www.thoughtbubble.co.nz/ 
Tel: +64 (0) 9 419 4235 
------------------------------------------------------------------ 
The information in this email and in any attachments is confidential and
intended solely for the attention and use of the named addressee(s). Any
views or opinions presented are solely those of the author and do not
necessarily represent those of Thoughtbubble. This information may be
subject to legal, professional or other privilege and further distribution
of it is strictly prohibited without our authority. If you are not the
intended recipient, you are not authorised to disclose, copy, distribute, or
retain this message. Please notify us on +44 (0)207 387 8890. 



-----Original Message-----
From: tom muck [mailto:[EMAIL PROTECTED]]
Sent: 16 October 2000 15:20
To: CF-Talk
Subject: Re: SQL Server -> MS Access "Autonumber"?





> I second that.  Mike - I'd be very interested in hearing your reasons as
to
> why you think it is bad practice to use Autonumbers.  Have you had some
bad
> experiences with them?
>
> ------------------------------------------------------------------
> Andrew Ewings


It depends where you use them.  A customer could, for instance, look at a
URL
and see CustomerID=459 and then change this to bring up someone elses
account. .
.Or go into a cookie and change a number, or a hidden form field.  If you
use a
GUID or some sort of algorithm to create a unique ID you're much safer.  I
use
Identity columns all the time, but only with non-critical data.

tom

----------------------------------------------------------------------------
--
Archives: http://www.mail-archive.com/[email protected]/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/[email protected]/
To Unsubscribe visit 
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a 
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: SQL Server -> MS Access "Autonumber"?

Reply via email to
