I have got my whole site working fine. Users can login, are verified against a security table and they can access and update my SQL Server database as required. I have stored the database connection string as an application variable for speed of access. <BR>But where can I store the database connection string on the webserver so that it is secure? <BR>It must be somewhere so that the global.asa can grab it to store it as an application variable, but this requires that it is somewhere the anonymous account can potentially access it. Any pointers to solving this problem would be enormously appreciated.