I can think of three options off the top of my head.
1) Control who can delete records and assume that if you have deletion
rights, you can be trusted not to go randomly killing thigs. Not the best
idea.
2) Rather than deleting a record, flag it as "inactive" and adjust other
queries only to look in records flagged as "active". This is nice because
if someone screws up, you can roll it back. Plus, it lets you have a nice
history, should you ever want to look at old records. This is my personal
preference.
3) The session variable scenario you came up with might be viable. I can
see how it could lead to UI workarounds, but it might be OK depending on how
your interface flows.
HTH.
-- Ben Doom
Programmer & General Lackey
Moonbow Software, Inc
: -----Original Message-----
: From: Angel Stewart [mailto:[EMAIL PROTECTED]
: Sent: Tuesday, September 16, 2003 10:39 AM
: To: CF-Talk
: Subject: Best method for securely deleting a record
:
:
: Hey all,
:
: I've done this many times before, but I am now doing an application
: where I need to be a bit more careful with regards to security.
:
: What's the best way to delete a record?
:
: When you Insert a record that's fine..no trouble there.
:
: Updating? You could forward the ID as a Form field, and again there's
: not a real issue.
:
: But deleting.
: Don't want to pass the ID as a URL, so it can't be done from an HREF
: link.
:
: What's the best way to do this from a single form, perhaps the same form
: that performs the Modify feature.
:
: Is it ok to pass an ID for a record to be deleted in the Form scope?
: OR could the ID be set as a temporary Session variable that the delete
: action section would detect and perform the delete on.
:
: How do you all handle this?
:
: -Gel
:
:
:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Archives: http://www.houseoffusion.com/lists.cfm?link=t:4
Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
This list and all House of Fusion resources hosted by CFHosting.com. The place for
dependable ColdFusion Hosting.
http://www.cfhosting.com
