Gilles,

I believe what may work for you is creating a seperate database for the SP's. This way, the users will not be able to even get into the other database to list tables. But, as someone said, just seeing the table names really isn't much of a security issue. (I think since the SP runs as it's owner which could be set up to have access to the other database.)

As far as deploying, what we do is distribute a backup of our intial empty database with the SP's encrypted already.

For updating, we have sort of done what Mike said, although we create a seperate EXE that we put out with updates. This .EXE first compiles an SP named dbupdate which updates the database structure if needed, makes any data changes needed. Then the EXE compiles the updated SP's into the database with encryption.

We also have the dbupdate script tag the 'version' of the database to the new number, and our client verifies that the database 'version' matches the client version. If there is a mismatch the user is notified and the ap exits.

BOb