>I have some code that is using the LogonUser in WIN32API to allow users to log into my application.
>
>The question that someone has asked me is if this is "encrypted" or not. I'm assuming that would be handled by the API - was wondering if anyone knew the answer...
>
>...This is the code I'm using...
>
>

>#define LOGON32_LOGON_INTERACTIVE   2
>#define LOGON32_LOGON_NETWORK       3
>#define LOGON32_LOGON_BATCH         4
>#define LOGON32_LOGON_SERVICE       5
>
>#define LOGON32_PROVIDER_DEFAULT    0
>
>lnFlags = LOGON32_LOGON_INTERACTIVE
>
>DECLARE INTEGER LogonUser in WIN32API ;
>       String lcUser,;
>       String lcServer,;
>       String lcPassword,;
>       INTEGER dwLogonType,;
>       Integer dwProvider,;
>       Integer @dwToken
>       
>lnToken 	= 0
>lcDomain 	= ALLTRIM(Thisform.txtDomain.value)
>lcUsername 	= ALLTRIM(Thisform.txtNTLogin.value)
>lcPassword 	= ALLTRIM(ThisForm.txtDomainPassword.Value)
>
>
>lnResult = LogonUser(lcUsername,lcDomain,lcPassword,;
>                     lnFlags,LOGON32_PROVIDER_DEFAULT,@lnToken) 
>
>DECLARE INTEGER CloseHandle IN WIN32API INTEGER
>CloseHandle(lnToken)
>
>*MESSAGEBOX(IIF(lnResult=1,"PASSED","Failed"))
>
>RETURN lnResult 
>

>
>....thanks!

From MSDN:

lpszPassword [in, optional]

A pointer to a null-terminated string that specifies the plaintext password for the user account specified by
lpszUsername. When you have finished using the password, clear the password from memory by calling the SecureZeroMemory
function. For more information about protecting passwords, see Handling Passwords.