>Hi everyone!
>
>I'm just wondering what people here use for basic authentication when it comes to client-server applications. For simplicity, I'll assume a VFP frontend (of course) and a MS SQL Server backend.
>
>When making the connection to SQL, do you usually connect using a user-provided username/password (or NT security, if available), meaning that you create each of your users in SQL (or add NT users)...
>
>- or -
>
>do you create a single user for your application (MyAppUser) on SQL Server, connect using that user and then [optionally] authenticate users with a username/password table in the database?
>
>I'm not talking about a large-scale web application where you have no idea who's going to log in with your apps, but rather a "traditionnal" client-server application where you know who's going to connect (within a business). In my case, I'm thinking along the lines of 15 to 20 users.
>
>I'm asking because I see advantages and inconveniences on both approaches, and I can't say I like one way over the other, so I thought I'd ask what other people do!
>
>Thanks!
Im a smaller office, I have done i both ways. each have its advantages. Personal prefrence is less maintance and greater functionality.
make all the users have the same sql user name and build your own 'user table' with permission levels, which are application levels.
That way, they get logged into the sql server without any trouble, and then they are actually logged into your app, with application level security, ie what forms they have acces to. (things which are just not native to a sql server itself.)

thats just my 2C
Bob Lee