Hi, I am totally new to asp etc but got thrown in to the deep end when a friend needed some ultradev pages fixed. They had resided on his companies server, which was accessed when his clients needed dynamic content on their pages. So mr.shopkeepers shop has the site www.shopkeepersshop.com on an ordinary host, and the sites product database section was held on my friends server.<BR><BR>Anyway, his server &#039;broke&#039; and the adminis-trator disppeared to another company, so the asp section had to be moved.<BR><BR>I got the pages to work on my machine ok, but trying to get them to work on the new space was hard, especially as I didnt really know what I was doing!!<BR><BR>The following code was at the top of my code:<BR>&#060;!--#include file="Connections/localspecials.asp" --&#062;<BR>&#060;%<BR>set rsall = Server.CreateObject("ADODB.Recordset")<BR>rsall.Ac tiveConnection = specials_STRING<BR><BR>This referenced my pws on my machine<BR><BR>I ended up adding this:<BR>&#060;!--#include file="Connections/localspecials.asp" --&#062;<BR>&#060;!--#include file="Connections/webspecials.asp" --&#062;<BR>&#060;%<BR>set rsall = Server.CreateObject("ADODB.Recordset")<BR>rsall.Ac tiveConnection = specials_STRING<BR><BR>where webspecials.asp contained this:<BR>&#060;%<BR>specials_STRING = "ODBC;database=/database/specialsnew.mdb;DSN=specials;"<BR>%&#062; <BR><BR>Is this a good way to do this?? With these lines of code, does it make it possible for naughty people to download webspecials.asp and see a userid and password??? Is the path supposed to reference a hard disk (as I have seen database=c:databasesdbname.mdb) on some pages I have visited.<BR><BR>This looks like the place to get some real help, so can you shed any light on this for me?<BR><BR>Thank you <BR><BR>David<BR><BR>