[eluser]Mark van der Walle[/eluser]
Was looking at the topic start and didnt see anything about logging (or im blind
). He just uses the password in his where clause. In my opinion you should not use the password in update queries but a userid (which should be unique). In your controller you should check if the user is allowed to do this.