John;

I will be doing this in a few days and will join in the discussion. My thoughts have been to define several security models before attempting this. I tried a security table with user ID, password, etc. It works O.K. I like to have more than one way to do anything whenever possible.

How about using request.form rather than request.querystring? Here is an idea: Load a combo box with the Reports for the supplier from a table. The user selects one of the reports. A textbox (hidden) uses the same data. You double click on the combo box or a command button (I like command buttons) and the report comes up. A list box could also be used as could a table to hold the supplier report data.

By keeping the address out of the URL (querystring) you will have a better degree of security.

I would appreciate yours or anyone else’s comments about these concepts. We might give each other some ideas and could assist each other to some degree so we do not have to reinvent the wheel.

Tom