>>>>Hi,
>>>>
>>>>I think almost every application has a configuration file that stores settings like application folder name, database folder name, and some other configuration settings. Currently I have them in a DBF table. Even though only user with certain permission privilege can access and change the setting - from within the application - anybody who knows how to use VFP can open this table and make a change. I want to change this table from DBF to an XML. Still the application access to the settings in this XML will be controlled by Admin password. But naturally anybody who knows how to use a Notepad will be able to open and make the change in this file. Mainly I want to give users ability to make the change without my assistance (if the person with admin password left or forgot his/her password). Do you think that having "unprotected" configuration file - XML - is a bad or good approach?
>>>>TIA for any suggestions.
>>>
>>>You are probably more secure using a DBF file rather than XML. At least with DBF the casual user is somewhat limited in tools that will allow him to open and edit the settings.
>>>
>>>Make sure the your config file is readonly for anyone other than administrators (using windows permissions).
>>
>>I didn't see your line about readonly properties for the config file (you may have added it while I was replying). But I like it. This could give a little extra security to the file. Except if I change the property of the file to readonly, the application won't be able to change it either. Unless I dynamically un-set the attribute (from within the app) from readonly and then set it again.
>>Thank you.
>
>The application should be running under the current user's security. If the current user is an admin (or make a custom security group if you want) he/she should be able to edit the file..

I don't have a control of what level access a user has, from the Windows stand point. So I can't rely on that. I have to make it all work within my application.