What are the best security measures for running ASP/Access db pages on an external IIS. We are restricted to keep the .mdb file within the web root! The folder the db is located in has no permissions set (no execute, no write, no read) So far we have db-driven login page, authentication, username and password set on .mdb file, and SSL established. Any other helpful ideas?<BR><BR>Thanks!