>Peter, security is one of the cast-iron reasons to use a C/S database. But the security has to be done properly, or the data can still be grabbed. You also need to decide whether your users are likely to allow external consultants/visitors etc to access an admin log-in, in which case the data is just as available as ever.

The admin login is secure enough. The sysadmin is going to implement a user timeout and I'm going to be implement an application timeout with re-login required. That will help with folks leaving their terminals on. But those folks don't have the admin login anyway.

Sounds like SQL-Server is really the answer to the question. I've been recommending that anyway to enable access to the database from other lanquages.

In the meantime we may move the data files away from the executable just to make them less obvious. Hidden folder as suggested.

Peter