>>>>Multiple users can sign in (one at a time) on a "shared" computer - one signs out, another signs in.
>>>
>>>This is not what the customer wants. They simply want to synchronize the username and password used for the PC/AD and the VFP application to be the same. This way, the users only need to remember one.

It is not May 4th, but "I have a bad feeling"...

>>>So far, I sent them a quote for what I need to do to change the application.
>>>@Hank Fay. If I have to implement this modification, I will not store the AD password anywhere in the VFP DB. Only username.



>>>@Hank Fay. If I have to implement this modification, I will not store the AD password anywhere in the VFP DB. Only username.

Will NOT be enough when the $hit hits the wall.

>Actually it is their IT team who is "pushing" for this change. The users could not care less. I think one aspect they (IT Security) like is that the password in AD is "forced" to be changed every so often (I think every quarter). Where is my app does not require a change of the password.

Yikes! Is their IT team smart enough to look for a scapegoat already or do they really not care ?
...
>>>Personally, I hope they won't go with this change. I know that this will create somewhat of a maintenance headache. And at this point in my life/carrier, this is not my preference.

Your sanest lines in this thread!

>>You could ask the customer to get an opinion from their own IT security team whether it's OK for your app to be given AD credentials.

Lemme translate that from Canadian for you: find anybody with a standing in their security that this customer respects and get him to talk your customer out of this lunacy. Al is too poooolite.

>Actually it is their IT team who is "pushing" for this change. The users could not care less. I think one aspect they (IT Security) like is that the password in AD is "forced" to be changed every so often (I think every quarter). Where is my app does not require a change of the password.

Vfp has many hooks, eval and similar dynamic stuff that is easier to corrupt than statically compiled exe from C/C++. If I had to search for clues after a break in, any Javascript (Electron), Python or vfp app would be looked at first ***and*** remain prime suspect if no smokin' code is found.

I'd look into ways your app will not start up if some flag, file or directory linked to the AD account cannot be reached and eat garlic like crazy in case somebody wants to enter pwd for AD in the vfp app.