That's all I was saying... they have their uses, but don't use them where the
data could be at risk. For instance, as a hidden form field with an OrderID for
a shopping cart. Any time there is sensitive data accessible to the user via
URL, cookie, view source, etc. -- autonumbers shouldn't be used. As far as
things like lists of products, suppliers, states, names, whatever -- it's a
great method for creating a primary key.
tom
----- Original Message -----
From: "Andy Ewings" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Monday, October 16, 2000 10:33 AM
Subject: RE: SQL Server -> MS Access "Autonumber"?
> OK, but I'm not suggesting for one minute you pass the ID across in the
> URL... I tend to store it as a Client variable in a DB. All I need to pass
> in the URL to maintain state is the CFID and CFTOKEN and only if the user
> has session level cookies turned off.
>
> ------------------------------------------------------------------
> Andrew Ewings
> Project Manager
> Thoughtbubble Ltd
> http://www.thoughtbubble.net
> ------------------------------------------------------------------
> United Kingdom
> http://www.thoughtbubble.co.uk/
> Tel: +44 (0) 20 7387 8890
> ------------------------------------------------------------------
> New Zealand
> http://www.thoughtbubble.co.nz/
> Tel: +64 (0) 9 419 4235
> ------------------------------------------------------------------
> -----Original Message-----
> From: tom muck [mailto:[EMAIL PROTECTED]]
> Sent: 16 October 2000 15:20
> To: CF-Talk
> Subject: Re: SQL Server -> MS Access "Autonumber"?
>
> > I second that. Mike - I'd be very interested in hearing your reasons as to
> > why you think it is bad practice to use Autonumbers. Have you had some bad
> > experiences with them?
> >
> > ------------------------------------------------------------------
> > Andrew Ewings
>
> It depends where you use them. A customer could, for instance, look at a URL
> and see CustomerID=459 and then change this to bring up someone else's
> account... Or go into a cookie and change a number, or a hidden form field.
> If you use a GUID or some sort of algorithm to create a unique ID you're much
> safer. I use Identity columns all the time, but only with non-critical data.
>
> tom
>
> ------------------------------------------------------------------------------
> Archives: http://www.mail-archive.com/[email protected]/
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in
> the body.
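
The risk discussed in this thread (a client-editable autonumber such as CustomerID=459 in a URL, cookie or hidden field) and the two mitigations the posters mention, a GUID and keeping the customer ID in server-side state, shown as an added Python/SQLite example that is not code from any poster. Table, column and function names and the sample rows are constructed for illustration.

```python
import sqlite3
import uuid


def build_db():
    """Constructed sample data: two customers, one order each."""
    db = sqlite3.connect(":memory:")
    # order_id is the autonumber/identity key; public_id is a random GUID
    # that is the only identifier ever shown to the client.
    db.execute(
        "CREATE TABLE orders ("
        " order_id INTEGER PRIMARY KEY AUTOINCREMENT,"
        " public_id TEXT UNIQUE NOT NULL,"
        " customer_id INTEGER NOT NULL,"
        " item TEXT NOT NULL)"
    )
    for customer_id, item in [(458, "keyboard"), (459, "monitor")]:
        db.execute(
            "INSERT INTO orders (public_id, customer_id, item) VALUES (?, ?, ?)",
            (str(uuid.uuid4()), customer_id, item),
        )
    return db


def get_order_unsafe(db, order_id):
    """Trusts an autonumber taken from the URL, a cookie or a hidden field."""
    row = db.execute(
        "SELECT item FROM orders WHERE order_id = ?", (order_id,)
    ).fetchone()
    return row[0] if row else None


def get_order_safe(db, session, public_id):
    """Looks the order up by GUID and also requires it to belong to the
    customer recorded in server-side session state."""
    row = db.execute(
        "SELECT item FROM orders WHERE public_id = ? AND customer_id = ?",
        (public_id, session["customer_id"]),
    ).fetchone()
    return row[0] if row else None


def public_id_for(db, customer_id):
    """Helper for the demo: the GUID the server would hand to that customer."""
    return db.execute(
        "SELECT public_id FROM orders WHERE customer_id = ?", (customer_id,)
    ).fetchone()[0]
```

With the session held server-side, a GUID belonging to another customer returns nothing, so the lookup does not depend on the identifier staying secret.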