Let's say you want to encrypt a table. In Lianja this uses DES3 encryption. This uses 3 keys which, together, provide quite decent security. To use it securely, and agilely, you will want to avoid putting the actual keys in your code. There are two pieces of information you need to have in mind:

1. each key is a max length of 8 chars
2. to use the keys contained in a .h file and #included you will need to macro-expand them. This is different than VFP, where bracketing them in square brackets [ and ] macro expands them, even inside a string. In Lianja it goes like this (for #define's vars of Key1, Key2, and Key3):

encrypt mytable key "&(key1),&(key2),&(key3)"

The nice part of doing it this way, rather than defining a variable, is that examining memory will give the observer no clue as to the actual keys. Which observer? That's why we concern ourselves with security -- we don't know who that might be.

This particular use is for a table used to store connection strings across multiple applications in one project. The name method of using &() to macro-expand within strings can be used to create the connection string without ever creating a memory variable holding the connection string.

Now, the astute observer will note that the .dbo file does in fact contain the key1, 2 and 3 information at the top of the file (where the #include was). True enough: if the bad guys get on your server, your security is toast. Which is why a) mobile apps can be more secure than desktop apps, especially if b) you configure your network with security in mind (I am no expert on the matter, but the essentials are easy to understand).

enjoy,

Hank