In response to my article on the Flash Data Connection Kit (at http://www.macromedia.com/devnet/mx/coldfusion/articles/data_conn.html) many of you have written to me asking about comments I made as to how to use (or not use) the Firefly components in production environments. Some of the specific questions pertain to my recommending that the SQL Connector not be used, that a generic XML delta packet processor not be implemented, and that table names or other database-specific information not be embedded directly in the Flash application.
The truth of the matter is that the validity of my concerns really depends on where the application is being used, and whether or not it is being used in a trusted environment (by trusted users). There is nothing inherently wrong or bad in doing any of those things that I advised against, but doing so does require making some core assumptions that worry me.
The underlying concern here is this: I have a fundamental problem with anything running on the client side of an HTTP connection being able to directly affect SQL statements being executed against a database. Put it this way: would you ever display the SQL that your application page were to execute in an editable
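To make the concern concrete, here is an added example (my own illustration, not code from the Data Connection Kit or the Firefly components) of a server-side handler that keeps the client from influencing SQL text: the Flash client sends only a logical resource name plus a delta packet of changed fields, the server maps that name to a table through a fixed allowlist, rejects any field it does not know, and binds every value as a parameter. The delta packet shape and the `tbl_contacts` table are assumptions constructed for the example.

```python
import sqlite3

# Server-side allowlist: the only place real table and column names live.
# The client never sees or sends them, so it cannot alter the SQL text.
ALLOWED = {
    "contacts": {"table": "tbl_contacts", "key": "id",
                 "columns": {"name", "email"}},
}

def make_db():
    """Constructed in-memory sample database standing in for the real store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tbl_contacts (id INTEGER PRIMARY KEY, "
               "name TEXT, email TEXT)")
    db.executemany("INSERT INTO tbl_contacts VALUES (?, ?, ?)",
                   [(1, "Ann", "ann@example.com"),
                    (2, "Bob", "bob@example.com")])
    db.commit()
    return db

def apply_delta(db, resource, changes):
    """Apply a client delta packet (hypothetical shape: a list of
    {"key": <pk>, "fields": {column: value}}) to one allowlisted resource.
    Identifiers come only from ALLOWED; values are bound, never concatenated."""
    spec = ALLOWED.get(resource)
    if spec is None:
        raise ValueError("unknown resource")
    applied = 0
    for change in changes:
        fields = change.get("fields", {})
        unknown = set(fields) - spec["columns"]
        if unknown:
            raise ValueError("disallowed field(s): " + ", ".join(sorted(unknown)))
        if not fields:
            continue
        cols = sorted(fields)  # column names are already validated above
        assignments = ", ".join("%s = ?" % c for c in cols)
        sql = "UPDATE %s SET %s WHERE %s = ?" % (spec["table"], assignments,
                                                 spec["key"])
        db.execute(sql, [fields[c] for c in cols] + [change["key"]])
        applied += 1
    db.commit()
    return applied

def fetch(db, resource, key):
    """Read one row back through the same allowlist, as a dict of columns."""
    spec = ALLOWED.get(resource)
    if spec is None:
        raise ValueError("unknown resource")
    cols = sorted(spec["columns"])
    sql = "SELECT %s FROM %s WHERE %s = ?" % (", ".join(cols), spec["table"],
                                              spec["key"])
    row = db.execute(sql, (key,)).fetchone()
    return dict(zip(cols, row)) if row else None
```

A client that tries to name the physical table, or to update a column outside the allowlist, gets a ValueError before any SQL is built.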