1. I could not use the first connection type but cannot figure out why. I have NT,IIS4.0 and Access 97. I opted for the "SpookyLogin_ConnectionString" method that references the global asa.

2. The setup indicates I should she an NT Authentication option. I do not. What would cause this?

3. I read the different options regarding what script you can include on each page to establish a security requirement. I understand the difference between checking a cookie or hitting the DB each time. What I am not sure of is what method I am using if I utilize your pre-written inc_security script.

4. <Last!> Is the DB any more secure if I locate it in a directory outside of the web directory completely and include a password within the global.asa?
Rather than just leave it within the unbrowsable fpdb directory?

Thanks for your help!
Greg

2)I have disabled NT authentication (it still exists) as it causes too much confusion. It is an option used mainly on an authenticated intranet where you have access to user groups. Email me if you think you need it, as there is a little work to do to get your users recorded in the database

3)The method there uses a session or a cookie check. If the session doesnt exist, it checks the cookie, if that doesnt exist, it goes to login.

4) <g> For the ordinary logins, I arent concerned about leaving it there.
A password is only any good for if a person does download it. It doesnt make it more secure on the web. Asp logins arent top level security at the best of times

Do I need to modify some setting regarding clear-text transfers?

Thanks,
Greg

By "email you" ....Did you mean post a response?