My boss asked me to find out from anyone out there whether they have run into any security issues using SQL server with a UID and PW defined in the connection string. Basically what we have is an external web server which is calling a database on SQL server. SQL server is behind the firewall. Has anybody heard of or can anybody point me in the direction of articles related to using a connection string like: DSN=database;UID=sausage;PW=pizza<BR><BR>Thanks,<B R>Ben