>>>>Hi,
>>>>
>>>>I think almost every application has a configuration file that stores settings like application folder name, database folder name, and some other configuration settings. Currently I have them in a DBF table. Even though only user with certain permission privilege can access and change the setting - from within the application - anybody who knows how to use VFP can open this table and make a change. I want to change this table from DBF to an XML. Still the application access to the settings in this XML will be controlled by Admin password. But naturally anybody who knows how to use a Notepad will be able to open and make the change in this file. Mainly I want to give users ability to make the change without my assistance (if the person with admin password left or forgot his/her password). Do you think that having "unprotected" configuration file - XML - is a bad or good approach?
>>>>TIA for any suggestions.
>>>
>>>I think XML or INI file is fine. Not sure why do you want something super-protected here.
>>
>>In theory someone can open the XML or INI and change the setting of where the DATA folder is (e.g from "C:\MyApp\DATA" to "C:\MyApp\DataXYX"). So in this case the application will stop working. And it would be easy enough to correct. But still will be an interruption. This is why I am concerned.
>
>Giving users any rights over a XML file is like saying "good morning Murphy, ready for work?". Even with best intentions, just about anything can make xml unreadable to the parser. A misplaced space, an € sign inside text (you have to use the proper html entity for any extraneous characters), any ampersand, greater than, less than sign inside a string...
>
>OTOH, my bet is that most users wouldn't know how to open it. They'd doubleclick it and it would open in IE, readonly :).
>
>Ini file may be better. Even if one line is screwed up, the rest is still usable. And you can supply defaults within the same line where you read the values.

I agree that INI is more "secure" than XML from the stand point of messing it up. But INI is so 90s <g>. But I like Tamar's suggestion of checking who changed the file. She also suggested to store the "base" XML file to the .EXE which won't be practical (since each customer has a different settings). But I will see if I can store the "last" version of the XML file into some "hidden" place and being able to restore it, in case checksum does not match (as she suggested). Or if user corrupts the file.
Thank you.