>I got a question from some client: what can be done to prevent some user from opening Windows Explorer and copying DBF files to floppy disk(s). This imaginable thief supposed to be user of VFP system they already have, i.e. s/he has access to the network drive where all data files reside. Could someone really familiar with WinNT networks give some advice here?
>TIA
>
The easiest thing to do is to not give the user any rights to write to a removable medium drive; IOW, set up the system so that only specific userids have write permissions to the drives. In general, this is a better measure than not having the drives present if you can prevent people from easily obtaining privileged user passwords.
From that point, it's a matter of how smart the thief would be. If the user had write permissions to the local drive, he'd have the option of booting to DOS or Win9x and then copying to floppy disk from DOS. One approach to prevent this attack would be to use NTFS on the local drive; DOS, without a driver like NTFSDOS, couldn't read from the NTFS partition to get at the data.
The sufficiently-determined thief can get the data IAC; stealing backups, emailing files, copying to a place where some other system without a secured drive can see the data and copy it is unavoidable. If the user can gain read access to the DBF, write access to removable media, and has a way to copy it to the media, you're SOL.
A backend can make it far tougher to get at the data, but if the thief can do a query and write a text file as output, the data is gone.
>PS: I understand that removing floppy drives from PCs is an option :-).