Hi,
Reading (excelent) article
Securing VFP Data, by Alf Bormann in FoxTalk's September 2003 issue (requires login to access), learned about a thing that was completelly new to me: "impersonation". Well, that oppened many new opportunities to my VFP app development.
In the first app that I'm developing, using impersonation, I have this situation where it will be run by different users (under different logins) but in order for it to perform certain tasks, that require a network administrator login, it will impersonate using the administrator's login id and perform the task.
It's all ok in the implementation, it impersonates, performs those tasks, gets back to the original login and so forth.
The only problem I'm facing (so far!) is to determine the best way to store (read "hide") the administrator's login and password. Better than that, if I could have a way that *only* the network administrators could set (or store) the login/password and the app could retrieve it for utilization.
Some options that came up (and were discarded, maybe too soon <s>):
- Hard code it inside the app source code
- Store it in an .ini file
- Store it in a field of a Dbf Table
- Encript it and store it in...
I would be very happy to count on your comments and suggestions, thanks!
Fernando
