Actually, using AD will be more secure.
Have them create an AD group, put users in the group. Use Windows auth for access in SQL Server. Windows will handle all the authentication.
>
>I thought about active directory too. But the project I am working for is for a super high-security company (one of the top 10 defense contractors, probably). They are so sensitive to giving me access to anything that if I ask them for having my app access AD, they will not like it.
>
>I have been trying to understand Hash+salt (the link Sergey sent me) and I understand it conceptually but still not clear on how to apply it to a VFP application.
>Thank you for your input.
Craig Berntson
MCSD, Microsoft .Net MVP, Grape City Community Influencer