File security with VFP apps
Message
From: John Ryan, Captain-Cooker Appreciation Society, Taumata Whakatangi ..., New Zealand
Date: 21/09/2004 16:57:49
To: Jack Liebschutz, Black Mountain Software, Polson, Montana, United States
Date: 21/09/2004 15:59:14
General information
Forum: Visual FoxPro
Category: Other
Miscellaneous
Thread ID: 00944709
Message ID: 00944740
Views: 18
Jack,

Security is one of the definite disadvantages of local tables if they are exposed to foolish and/or hostile users. However, it is also possible to delete an entire SQL Server or MSDE database if user privileges aren't correct!

Appropriate security depends on customer situation and budget. A useful place to start is "physical security", i.e. if they can't get to it at all, they can't hurt it. Physical security may be powerful protection for a small mom and pop ("the PC is kept in the locked store room and backups are in the safe at home") but much harder for a banking or hospital customer who may have thousands of PCs that are sometimes unsupervised.

Next come technical protections. If the customer is a small mom-and-pop using one PC with Windows 95 or XP Home, there is little native protection for *anything* on the PC if somebody can physically access it. So, consider "Cryptor" to encrypt your data seamlessly: you can encrypt the whole data folder or part of it and manage that with a few extra lines in your app. I.e. you don't need to encrypt and decrypt every time you access or save data, you just declare the table or folder before you open the table and it is seamless from there.

Also consider konxise; it encrypts your application so hackers can't decompile it to get the password for Cryptor!

If the data is on a server with proper user security, you can remove User delete rights from the data files/folders to prevent deletion. Combine that with encryption and you have reasonable security in many cases, though a deliberately malicious user can still open a data table using Notepad and corrupt it.

Next, you might consider using something like "West Wind" to create a server application that manages all data access. That way you can remove user access to data completely; they have to access the data via your app. It will always require a rewrite, though.

Finally: as you note, the classical solution is to use a Client/Server database such as Oracle or SQL Server, which are costly, or MySQL which is free, or MSDE which is a limited-user version of SQL Server and is also free. All these databases allow controlled access to data with customised user access rights. However, maintaining MSDE does add extra complexity, so look at your customer very carefully before proposing this!

HTH. FWIW, an accountant auditor will generally be thinking only of the C/S database option and may not consider physical security at all. A small mom-and-pop may prefer your assistance to create and document physical security rather than trying to maintain a C/S database.
"... They ne'er cared for us
yet: suffer us to famish, and their store-houses
crammed with grain; make edicts for usury, to
support usurers; repeal daily any wholesome act
established against the rich, and provide more
piercing statutes daily, to chain up and restrain
the poor. If the wars eat us not up, they will; and
there's all the love they bear us.
"
-- Shakespeare: Coriolanus, Act 1, scene 1
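
The delete-rights step described in the post, as an added PowerShell example that is not part of the original message. The folder path and group name are placeholder assumptions; the script adds a deny entry for deletion only and then checks that every table file actually carries it.

```powershell
# Added example. $DataDir and $Group are hypothetical placeholders, not values from the post.
$DataDir = 'D:\Shares\AppData'      # folder holding the .dbf/.cdx/.fpt files
$Group   = 'EXAMPLE\AppUsers'       # ordinary application users

# Deny only the rights that allow deletion; existing read/write grants are untouched.
$rights  = [System.Security.AccessControl.FileSystemRights]'Delete, DeleteSubdirectoriesAndFiles'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $Group, $rights, $inherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Deny)

# Apply the deny entry to the data folder so that it is inherited by files and subfolders.
$acl = Get-Acl -LiteralPath $DataDir
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $DataDir -AclObject $acl

# Verify: report table files that do not carry a deny-delete entry for the group,
# for example because inheritance was switched off on an individual file.
$delete = [System.Security.AccessControl.FileSystemRights]::Delete
$unprotected = Get-ChildItem -Path $DataDir -Recurse -File |
    Where-Object { $_.Extension -in '.dbf', '.cdx', '.fpt' } |
    Where-Object {
        $deny = (Get-Acl -LiteralPath $_.FullName).Access | Where-Object {
            $_.AccessControlType -eq 'Deny' -and
            $_.IdentityReference.Value -eq $Group -and
            ($_.FileSystemRights -band $delete)
        }
        -not $deny
    }

if ($unprotected) {
    Write-Warning 'Table files without the deny-delete entry (inheritance may be blocked):'
    $unprotected | Select-Object -ExpandProperty FullName
} else {
    'All table files carry the deny-delete entry for ' + $Group
}
```

Users in the group who keep write access can still overwrite a table's contents, which is the Notepad case the post mentions. Renaming or replacing a file also needs the delete right, so maintenance that rebuilds table files has to run under an account outside this group.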