>>You miss my point; I dont care what you do, if the app runs on an attackers machine they have it. It may not be the exact same code you wrote but they will have all they need to re-produce it. And your secret keys, and paswords, and whatever else.

Actually that's my point too. ;-)

All you can do is try to make it not worthwhile for the hacker. IME there's a big difference between 10 minutes with Webhex to scoop a fully functional VFP project versus having to disassemble a large dll or hooking and splicing vfp calls line-by-line. I'm not saying the latter can't be done, I'm saying that this sort of disassembly and splicing barrier is as difficult as it gets.

I am a little concerned about the keys passwords etc as I mentioned in my last post. That's not just a VFP issue; if you call between dlls or libraries it's quite easy to eavesdrop. Which is why really secure apps send such calls to protected class members inside themselves or use other protective techniques. You can't do that in VFP but you can inside a dll such as the one created by VFP Compiler. Watch this space. ;-)