Peter,
>Without going to a full C/S rewrite, if I stored the data in SQL-Server instead of native files would this give me better protection?Absolutely. Users need to successfully login to the SQL Server before being able to do anything. Even then, permissions can be explicitly set on the server as to what users can and cannot do with the data on there.
>What would keep someone from copying the SQL-Server data? (I think it is stored all in one file--that would make it more difficult.)As far as I know, the directory that houses the SQL data can be locked down to disallow direct access without affecting the users' ability to work with the data once they're logged in.
Laterness,
Jon
Jon Rosenbaum
Devcon Drummer