Much of the password discussion I've seen revolves around encrypting the user-supplied password, but what about the user/password used to make the initial connection? In other words, I'm assuming that the .php file has the initial user and password right in the text in order to make the connection. Is there a way around this, because it seems very insecure to me that these parameters would be in the .php source. Or is the .php source supposedly not readable? thanks, Chuck -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php