If we have an A5.9 desktop app with security on:

I understood that a user needs access rights to data folders.
We can encrypt files. (lower performances I imagine), but even then, data files can be accessed directly (it could be downloaded for further processing, or partly deleted), and I would prefer not to encrypt (for performance).

1) So, when we have a networked application, how do we control access to data files that can be accessed directly (not through the A5 application)

2) Would it help to have a separate SQL database engine? (are they normally featured to monitor access to databases that are in fact in other folders that are not directly accessible, and give control to only specific applications not just a user?)

3) What security mesures should be taken with security management tables? And what files are they?

4) I imagine that because, minimum, there are username and password involved, we would need a kind of encrypted data transmission from the user to the file server. Can/should we set a kind of SSL on file access? (does it exist, or we need to go on a client/server web application which seems to be more secure, in order to get SSL and more secure because only the webserver has access to data files?) (in other words, is SSL just for web https?)

5) And what about security for a 'desktop run engine' client over the web?

Thanks
Marc