I have come up with a way to protect an Access database from being downloaded or opened without using folder security placing the database outside of the web root. Even if the URL is known the database is unapproachable. You can find details here. http://www.ljusdal.nu/mcdade/paging.asp. I have tried to get this posted as a user tip. But I guess its not technical enough :)