If I have a SQL database with a table that gives IUSR_BLABLA access to a table that contains their username and password, I&#039m trying to understand how vulnerable the data will be. <BR><BR>Let&#039s say IUSR_ can select, insert, and update via my asp pages *after* their uid and password is validated. Is that enough given the database priveleges for IUSR_? Could someone get at the data without the asp pages?<BR><BR>Sorry if this is muddled, but I&#039m new to all this!