Andrus,
Do you need the connection open when they're modifying the report? And/or if they're not modifying something that would effect SQL resultset SQLDisconnect() first. Best would be using trusted connection of course.
Cetin
>My application connects as privileged user to SQL server using
>
>
this.nConnHandle = sqlstringconnect( m.cConnString )
>
>sqlstringconnect() returns 1 or some other predictable small integer as this.nConnHandle value.
>
>I allow users to customize reports.
>
>User can add an expression sqlgetprop(1, "ConnectString") to
>output form. This returns the connection strings which contains
>password!
>
>Any idea how to prevent users from retrieving connection password ?
>Is it possible to override (re-define) sqlgetprop() to prevent usage of ConnectString parameter ?