Del, pardon me if I disagree with your statements.
First, people who are concerned with security prefer NOT giving end users
direct table permissions, but only giving them exec rights to stored
I think you're also suggesting that there be a single userid that everyone
uses. Sorry, that would be a very serious security problem that we could
not tolerate. If you mean using an application role to control access, that
would be ok (but each user still should have to authenticate with their own
unique login). This app doesn't happen to use an application role, but I
have other apps that do use them successfully.
As for tadostoredproc being buggy, I don't think so. I have hundreds of
them in use in various apps, and they work extremely well, and very, very
fast -- even across the internet. In fact I have several that return
multiple recordsets. Saves a vast amount of latency which can be an
app-killer across the net.
In the specific case I raised, the behavior doesn't qualify as a bug. True,
I didn't understand how it worked, but now I know.