Isn't that really an issue of network security? If that's an issue, then you would run the application in impersonation mode, impersonating a user who can access the database; no regular users would have this access.

Hank

>How do you protect the initial SQL login? What you told me all happen after you are connected to SQL, how do you prevent someone from using SQL Query Analyzer and delete all records in your tables?