Erik:

If you choose View Source from your browser menu you can see the code that instantiates the RDS object, here is where the security risk lies. You can get around it by validating users in your COM object when they request data.

In Rick Strahls XML article, he mentions wwHTTPcom. This is something that he has come up with that mimicks the functionaity of RDS, but it looks like more work. Also, in his book he speaks highly of RDS, but says it buggy. I experienced these same problems when I first started working with it messaging ADO recordsets. When I switched to messaging XML, the problems went away.

In ADO 2.5 there will be some RDS updates, maybe they will have come up with a fix for the security issue.

Charlie