Hi everyone - Here at work we have a somewhat tedious way of accessing stored procedures: They are created, then in Crystal Reports we have to create a dataset based on the stored procedure, then go into the data layer (in C#.net) and create a data table and read in all the information for each row and column. The data layer opens the connection, and then closes it when there is no more info to read. My boss says this is the most secure way. However, I wonder if any security would be sacrificed if the stored procedures were accessed directly to the crystal report. My thoughts are that since there is no SQL in the code, this would not be a less secure method than what we are doing now. Also, it would save a lot of time with the amount of errors I'm encountering from having to type in all the datatable information in the data layer (hence time and aggravation saved as well). Any thoughts