Josh, >Duly noted. Thanks for the info. I guess my target audience tends to be >non-tech types, so I never considered anyone changing hidden fields, or >having any motivation to do so, as there is nothing to be gained. But I >see >what you're saying from a best practices standpoint, and it's trivial to >move the config string from the form to the action page.
Hackers always seem to have motivation. :) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| ColdFusion 8 - Build next generation apps today, with easy PDF and Ajax features - download now http://download.macromedia.com/pub/labs/coldfusion/cf8_beta_whatsnew_052907.pdf Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286184 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
