I have an access .mdb file that my asp app uses and it is located in the root directory of my app. (www.domainname.com/mydb.mdb) In this database I have the stock list of usernames and passwords of the users that utilize my app. Here is my question: What is to stop someone from specifying this location: www.domainname.com/mydb.mdb in their browser location window (if they knew the name of that database) and downloading my database from the website, looking at all the usernames and passwords in the users table and hacking into my app using this info???? It seems that my .mdb file is a vulnerable as any other file in my root directory! Any insight into this serious problem would be greatly appreciated...!!!