Neil Robertson-Ravo wrote:
> More secure, well they can be encrypted - the better level of security
> resides with the fact they are held server side and not inline to the CF
> page and can have a greater degree of control placed on them within the
> SQL Server/Windows Security model. Sure they can be decrypted fairly
> easily but are harder to get to than inline SQL.

The bottom line is that a user can do what you give him permissions to do. If you don't want him to see 90% or change 99% of the data in the database, you should not give him permissions on those data. Putting a DML layer written in stored procedures in front of that and giving permissions on that layer is avoiding the real issue. But I must admit that adding a layer of stored procedures is usually easier than defining row and column level permissions throughout the database.

> They generally are faster (though granted, in some cases they may not be
> - cursors springs to mind).

In cases where using prepared queries means you are shuffling a huge amount of data between the client and the server, while you only need a little bit as the final result, stored procedures are definitely faster. But for all other cases, I don't really see the difference between stored procedures and prepared queries.

Jochem
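
The two approaches contrasted in this thread, side by side, as an added example that is not part of the original messages. It assumes T-SQL on SQL Server 2005 or later; the table, view, role and procedure names are hypothetical.

```sql
-- Constructed schema for illustration only.
CREATE TABLE dbo.Customers (
    CustomerID  INT           NOT NULL PRIMARY KEY,
    Name        NVARCHAR(100) NOT NULL,
    Region      NVARCHAR(20)  NOT NULL,
    CreditLimit MONEY         NOT NULL
);
GO
CREATE ROLE SupportStaff;   -- receives no permission on dbo.Customers itself
GO

-- Approach 1: row and column level permissions on the data.
-- Rows are limited by the view's WHERE clause, columns by the GRANT list,
-- so CreditLimit and non-EMEA rows stay unreadable for the role.
CREATE VIEW dbo.CustomersEMEA AS
    SELECT CustomerID, Name, Region, CreditLimit
    FROM dbo.Customers
    WHERE Region = N'EMEA';
GO
GRANT SELECT ON dbo.CustomersEMEA (CustomerID, Name, Region) TO SupportStaff;
GO

-- Approach 2: a stored procedure layer.
-- The role gets EXECUTE only; the UPDATE succeeds through ownership
-- chaining because the procedure and the table have the same owner.
CREATE PROCEDURE dbo.RenameCustomer
    @CustomerID INT,
    @Name       NVARCHAR(100)
AS
BEGIN
    SET NOCOUNT ON;
    UPDATE dbo.Customers SET Name = @Name WHERE CustomerID = @CustomerID;
END;
GO
GRANT EXECUTE ON dbo.RenameCustomer TO SupportStaff;
GO

-- Audit: list what the role actually holds. Any direct grant on
-- dbo.Customers showing up here would bypass both layers above.
SELECT pr.name                              AS grantee,
       pe.state_desc, pe.permission_name,
       OBJECT_NAME(pe.major_id)             AS object_name,
       COL_NAME(pe.major_id, pe.minor_id)   AS column_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'SupportStaff';
```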
