I recently went through a sizable evaluation of several of the database products and security tricks and tools. I currently have several very large databases running under MySql. My data integrity requirements are sky high, and with MySql I have found data to occasionally just vanish. My audit and archive files allow me to recover, but many times I have to jump through hoops to recover the lost data. Thus, the process of evaluating products began. I found the SQL Server Express 2005 full package with tools to be the best of the bunch. Security is still an issue. I helped create the security on Mainframe systems, and advised on server environments. If there is someone who has permissions, no matter how low, on your server who has the expertise, they can access and decript everything. There is still no way to stop the expert on a server environment. (For example, I can plant code in the server that creates a 2 tier server environment. The primary tier is mine and is invisible to all but me, and I have have total access to the real server since it is running virtually under my new operating environment (I wont tell you how to do this for obvious reasons)). The point I am trying to make is your security should be high enough that the effort to compomize the environment exceeds the expected return. In most cases, this means you need the minimum amount of reasonable security. In one of my government contracts, I identified the person who broke the security on the application by matching the data that was compromised to the time the data was accessed. It was accessed at the administators lunch break. The culprit was a new freind who was on the phone, video taping the adminstrator entering his password. The site only allowed admistrator access from specific IP addresses. Thats why the freind missed lunch, to allow him to log onto the administrators PC with his id and password. See how easy it is to overcome security in today's world. SQL Server Express 2005 access speeds are significantly faster than MySql on joined requests where there are 100,000+ record databases involved. Standard SQL Server security provides the majority of the world sufficient security, with no additional encryption or security tricks. So that package should meet your data security needs. As a developer, the issue becomes more complex at keeping your applcations secure. There are several toolkits available that will store your forms and applications on SQL Server tables, load them dynamically, and make them vanish on close. This limits your development exposure to those who actually use the forms. Again, do not over estimate the value of your code, and do not underestimate the capability of others to sneak a modification into your code to suite their purposes. That is why an off-site version should be used at regular intervals to compare against the current production version. Oh by the way, 1 Gig of data may not sound lke a lot, but with proper normalization, it is incredibly huge (millions of records). I do tend to ramble at times, but I do know what you are going through. Just step back, take a breath and evaluate your needs. For every one day of planning, you save a month of development effort.
Smiles
Bob