Leeroy,

>>In terms of preventing users from accessing data in tables that are stored in the same directory as data in tables that I want them to access, how secure is using VFP as the database engine?
Is there some sort of "client engine" software running on the server preventing direct access to the tables base off of security configurations with-in the database for tables, fields, stored procedures, and other objects?<<

I can only talk about my experiences relating to Foxweb (www.foxweb.com), which is a wonderful product I use for all my 'VFP on the web' applications.

As long as you keep your programs, scripts and data files outside of the 'web-root' folder (\inetpub\wwwroot\ is the IIS default) and its subfolders, they are not easily available for download or viewing by 'prying eyes'. However, clever hackers can still guess your directory structure, and Foxweb has lots of advice as to how to get round this, eg. marking file-extensions as non-downloadable, barring file-listing of selected folders, storing files on drives/servers away from the web-server, etc.

It's not difficult and I have had no problems with my web applications so far.

Regards,
Alan