> application. locking down the CFIDE is just another catch. it may just
> be enforcing your database lockdown, but it another layer of
> enforcement none the less.
>
It isn't another layer of enforcement. It is a redundant and irrelevant
setting in the case you describe.
> no. if a user access my db, and they only have permissions to
> executre on packages.... thats _all_ they will see. Thats how the
> security works. if they try and query on a table... they get an error
> saying it doesnt exist. if they try and execture a procedure they dont
> have access to... again an error saying it doesnt exist.
>
No, if the person uses the login that your application uses. There is
always another login that has full access to the database.
-Matt
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
