You really should read up on on the various ways MS and VFP have to enable a remote connection to an odbc datasource.
there is not one 'Right Way'
DSNless connections are connections which you make dynamically without having to set up an odbc DSN datasource on each workstation... Sure the driver needs to be installed, but configuration of the driver is done with VFP itself.
Thats one way.

Another is using sqlstringconnect() statment . you pass in your 'connection string ' and here is the hard part, explaining what that is
its a string which looks has the Driver name, IP Address of the server, database name, user name password, and other options (as necessary / or required by the driver) you pass into sqlstringconnect() that long string, values seperated by ; and then you get back a connnection handle, That handle is how from then on(while you session is still active) your database server knows you are valid, and will return to your application the results.

Putting this conneciton information into your dbc, is just another place that which vfp can store it. Its not good or bad, its just different.

you can put that connectstring, in .mem file, or encrypt it in some way, like adding a value to the ascii value to each char() etc, and then convert it to a correct connection string when you pass it to sqlstringconnect()

the options are up to you., but you point was security, and I agree with you, if you put your database username and password in a dbc, its not too secure.

Bob Lee


>Thanks Bob, I still have not all cleared, how can the remote view be set up if there is no connection or a odbc driver associated ?
>what is a dsnless connection ?, will the issue of the sql connect start a session that will be valid until the user issues a logout ?
>
>Sorry to ask back but still don't have it clear,
>
>Regards
>
>Norman
>
>>I dont claim to have all the solutions, but something to think about
>>What I have done, to address this.
>>1 I dont use remote views or connections stored in the DBC. Specifically I use dsnless connections using sqlstringconnect() and SPT()
>>The conneciton strings are stored in a single INI file stored on the users machine. You could create the connection string dynamically based on a calculated function of you own user name and password schema.
>>
>>Thinking again, about this issue. you could have the odbc driver you use keep the user name and password wich you supply them with. (which is the DB username and password) Then connect to your database, calling that dsn. If it passes, the dsn is set up properly.
>>
>>Bob Lee
>>
>>>Hi all, I am concerned about the security issues with the database server and the application server. I have been working with a connection inside the dbc for the remotes view with a fixed user/pwd, but i will like to use the user/pwd of the rdms in order to protect the data, (some users can only select etc) So if i leave the connection witout user/pwd the login prompt of the odbc appearch each time the view is 'used' , change form etc.close form etc. What would be the approach to use the login data of the application in order to pass it seamlessly to the DBserver so that the security issues of grants, selects, inserts etc be validated. I know I can prevent data modification from MY app via code and some framework's security features, but what if someone goes to the dbc and modifies via vfp ?
>>>
>>>Thanks
>>>
>>>Norman Avila