Thanks Bob, I still have not all cleared, how can the remote view be set up if there is no connection or a odbc driver associated ?
what is a dsnless connection ?, will the issue of the sql connect start a session that will be valid until the user issues a logout ?

Sorry to ask back but still don't have it clear,

Regards

Norman

>I dont claim to have all the solutions, but something to think about
>What I have done, to address this.
>1 I dont use remote views or connections stored in the DBC. Specifically I use dsnless connections using sqlstringconnect() and SPT()
>The conneciton strings are stored in a single INI file stored on the users machine. You could create the connection string dynamically based on a calculated function of you own user name and password schema.
>
>Thinking again, about this issue. you could have the odbc driver you use keep the user name and password wich you supply them with. (which is the DB username and password) Then connect to your database, calling that dsn. If it passes, the dsn is set up properly.
>
>Bob Lee
>
>>Hi all, I am concerned about the security issues with the database server and the application server. I have been working with a connection inside the dbc for the remotes view with a fixed user/pwd, but i will like to use the user/pwd of the rdms in order to protect the data, (some users can only select etc) So if i leave the connection witout user/pwd the login prompt of the odbc appearch each time the view is 'used' , change form etc.close form etc. What would be the approach to use the login data of the application in order to pass it seamlessly to the DBserver so that the security issues of grants, selects, inserts etc be validated. I know I can prevent data modification from MY app via code and some framework's security features, but what if someone goes to the dbc and modifies via vfp ?
>>
>>Thanks
>>
>>Norman Avila