Milan wrote: >A potential problem is that it leaks IDs into HTML. >One could easily guess a valid ID which maps to a database > object which he normally wouldn't have access to. >Hm... unless you take special care to obfuscate the ID. Basic security would be to always use a mapping dictionary and generate IDs. Stephan