I don't think this is a code generation matter. Yes, we can do it ourselves. But it sure looks good for Kevin when we can go into a customer and answer their tough security questions positively. Security, at least to me, should be an integral part of any framework. Otherwise, I'm quite happy with the framework. Maybe I'm off-base, but that's my desire to have security rock solid in the framwork (and I think they are quite close anyhow).

Regards,
Carl.


>PMFJI,
>
>Why don't you encrypt / decrypt on your own. I am going out on a limb, i don't think kevin intended his framework be an application generator.
>I think the only reason the login screen is there is because it ties into the security model.
>
>Also remember this is version "1.x.x.x" of the framework, so i am sure Kevin has a lot of new features up his sleave.
>
>I found an example for you at GotDotNet
>http://www.gotdotnet.com/Community/UserSamples/Details.aspx?SampleGuid=2d6979d2-8998-4a58-951c-831bb0395ec3
>
>OR
>
>http://tinyurl.com/53on9
>
>-- Shawn
>
>
>
>>What you say is true... the passwords are clearly visible. This, in my opinion, is the single biggest flaw of the framework. I feel that this should be addressed within the framework - and hopefully it would be the topmost priority of any bug fix or enhancement to the framework.
>>
>>Regards,
>>Carl.
>>
>>>In the Users table the password is visible and not encrypted in any way.
>>>
>>>Is this a problem?
>>>
>>>Since I am not the administrator of our SQL Server can't administrators look at these tables and see those passwords?
>>>
>>>This application is for a Purchasing system and Internal Auditing would have a fit about this.
>>>
>>>Should I be developing a method to encrypt those passwords so no one can see them?
>>>
>>>Thanks.