Yeah, that would work. When they log in, their role is stored in a session variable so I could just do the check that way.
Brad Wood wrote: > Obscurity still isn't security though. Better yet, run whatever > security checks are necessary when displaying a ticket to verify the > person logged in should be able to view it. That really is the only way > to be sure sensitive data isn't exposed to others. All someone would > need was a copy of the link or a network sniffer to pull out ids of > tickets other people were viewing even if they were obfuscated (UUID's). > > ~Brad > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;192386516;25150098;k Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:304824 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
