With VFP you are basically stuck with security for idiots... anyone with half a brain and the intent can do you harm.

I like the idea of changing users rights when the launch your VFP app. I'm not positive but I think it's possible for the user to gain some of those rights at the OS level once you have launched your VFP app and the users credentials are verified. Does the security in XP completely issolate the security credentials in the process or would it be possible for a user to minimize the VFP app and still have access to the same resources?

It's also important to not just worry about hiding data, but protecting it from tampering and simple replace all (field) with "ZZZZZZZZ" type attacks. This is why encrypting/decrypting does little to protect you from destructive attacks.

If security is a true concern for your organization, then I would also suggest looking to another database backend.

Also if something bad really does happen the security experts out there will lamb baste you for using VFP when security was an important concern.


Greg
>>The smart a*s answer is, use SQL Server (or other *real* database management tool to store the data) and use VFP for the client side software. Otherwise you are limited by network security for protecting the DBF files ... I did this with a payroll module in an application but it was not very pretty. I was able to prevent some users from seeing the directory in which the files resided. Unfortunately, once the user was granted access to the payroll application they got access to the DBF's as well.
>>
>>You have just described one of the major drawbacks with DBMS like VFP.
>>
>>Just my 2c ... I'm sure others will have better responses.
>
>You can create special user which has acces to your data directory
>and in XP select
>
>[v] Run with different credentials
>
>checkbox
>
>to run your application.
>
>After application finishes, user is logged off. Directory containing dbf files is automatically disconnected. So data can be accessed only by your application.