Hi!

Yes, that is a problem. Because that, many programmers use only SQL Pass-Through commands to work with data. You can make cursor returned by SQL Pass-Through command updatable, so it will work the same way as remote view. But this also require different technique and approaches for large applications to maintain queries and handle data properly.

Also, under W2K each user has its own temporary directory. With proper security rights another user will not be able to see DBC files in temporary directory of another user even after VFP app crash or power off. (Under W2K this was made specially for such purpose ;) So when you use W2K already, re-creating DBC on the fly is not a problem. When you're not under W2K, think how to organize similar folder for each user (that could take a lot of time and effort - I just do not know).

Encrypting DBC in the EXE is not very safe, but of course is better. Person that know well how to, can still strip out required data from it. But this usually cost a lot of $$. When hacking costs more than damage from breaking security, most likely hacking will not be made at all. So protection measurements should be made using this point of view.

Of course, you can save database files to disk and then use DBSETPROP() and whatever required. But this can break the security by exposing to each user of what is in the DBC, so, again, you will not be able to create a shared account/password because it will nto be secure.

>Hi Vlad,
>
>Thanks a lot. I understand now. Actually, I'm concerning the security issue.
>Currently, I include the DBC in the .exe and encrypted it. (I believe it is safe) The drawback is that I couldn't use DBSETPROP().
>
>Recreating the DBC in run-time is a good idea. But if the user kill the application then the temporary DBC will be left in the user's PC.
>Any other workaround solutions except VFP7 ? My company seems not willing to upgrade it.
>
>Thank you.
>Wilfred
>
>>
>Hi!
>>
>>You can share only connection that is in the DBC. THis means that when remote view is opened, it will use the connection from the database to connect. Any connection handlers created by connecting using SQL Pass-Through commands will not be used by views. You can do opposite though: open the remote view (that will connect using connection from database), then use CursorGetProp("ConnectHandle") for that view. In such case and in only such case connection will be chared, but that connection is created ONLY by the DBC connection object.
>>
>>This is a well-known security problem, and usually workaround is to re-create the database loaclly at the client computer temporary directory by creating connection and all views programmatically.
>>
>>In VFP7 there is a new feature for "USE" command - for remote view you can specify explicitly the connection string. So in VFP 7 you can do such thing, but it will not be a shared connection (correct me if I'm wrong here), and it will look somewhat differently:
>>
>>1. In the VFP setting, checked the "Share connection" and saved as default.
>>2. Create a database, create a valid connection with "connection string".
>>3. Add a view using that connection and set it as "shared connection".
>>4. Modify that connection and put dumpy "aaaa" in the PWD and UID.
>>5. Open the view: USE MyDBC!TEST1 CONNSTRING 'DSN=testdb;UID=dba_test;PWD=test;SERVER=testdb;'
>>
>>HTH.
>>
>>>Hi,
>>>
>>>I've read a lot of articles about using Shared connection but I failed to make it. Thank you for your help.
>>>What I've done are:
>>>1. In the VFP setting, checked the "Share connection" and saved as default.
>>>2. Create a database, create a valid connection with "connection string".
>>>3. Add a view using that connection and set it as "shared connection".
>>>4. Modify that connection and put dumpy "aaaa" in the PWD and UID.
>>>5. Establish a connection :
>>> n1=sqlstringconnect('DSN=testdb;UID=dba_test;PWD=test;SERVER=testdb;')
>>> The n1 is work. I've tested it by SQLEXEC().
>>>6. Use the remote view: USE TEST1.
>>>
>>>But I always got a message ->Connectivity error: invalid username/password.
>>>
>>>Did I miss something ?
>>>
>>>Wilfred