I have a login page in my root directory (where an MS Access DB sits as well), I want to be able to secure this DB so someone who hasn&#039;t logged into the website and been validated cannot download this file, etc... Also, I was wondering able the DB password, and should I create one, because right now I have the user set to Admin and the password blank, and this is all written in the ASP .Net page in the connection statement.<BR><BR>I am using forms authentication and my impresonation is false.<BR><BR>Thanks,<BR>Erich