You could get the MD5 hash of the DLL and check it in your code against the DLL in disk. If they do not match you just spot a message to the user.
I use this technique to check if users have modified external reports to avoid code injection in the dataEnvironment, and it has worked for me.

>Hi Craig
>
>iro your VFP encryption library - because one needs to pass the password to the encryption/decryption routines would an attacker not find it quite easy to substiute their own dll/fll for yours and then intercept the password when the routines get called? Is this a possibility for attack? If so, is there a way around this perhaps by setting up the password in the main app and the dll/fll looking for it under a static variable name or something like that? Or do you feel this an unlikely scenario?
>
>Thanks.