>Absolutely. Users need to successfully login to the SQL Server before being able to do anything. Even then, permissions can be explicitly set on the server as to what users can and cannot do with the data on there.

>As far as I know, the directory that houses the SQL data can be locked down to disallow direct access without affecting the users' ability to work with the data once they're logged in.
>
>Laterness,
>Jon

Thanks, Jon. It certainly sounds like SQL Server is the right way to go.

Peter