I agree with brad in that only those people with access to the ticket should see it, then it doesnt matter if they manipulate the id it gets them nothing.
Having role based security or resource based security will help prevent unauthorized users from manipulating the url to view a ticket that they shouldnt have access to. That does tend to make things a bit more complicated though when designing your security framework. -- Gary Gilbert http://www.garyrgilbert.com/blog ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;192386516;25150098;k Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:304831 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
