Hi Bob,

While many responsible solutions to solving security issues with VFP have been mentioned in this thread already, lets not forget that any network security manager in a medium to large network worth his/her salt will not allow any access to their servers without them being virtually locked down. They will try to get into the data themselves the smart way and the dumb user way to test the system and if an enduser can access files outside his/her own directory or corrupt them outside the app, it is not even allowed on their server.

>>Stephane,
>>
>>There are questions that I have regarding the interactive access to SQL Server. Many people have MS Access installed on their computer. If a user has access to the SQL Server database, what prevents him/her from just opening an Access Data Project, connecting to the database and editing it interactively? If security hasn't been properly configured, what prevents the user from altering or dropping tables?
>>
>>John
>
>This is why the application we ship uses an applicatin role, which allows a very low security level user access when they connect outside the ap, but when the log into the ap it uses the application role to upgrade the connection with rights needed to run the ap.
>
>The other way is to have data access 100% via SP's which could do some type of authentication to determine whether the user is in the ap or not.
>
>BOb