I have an application on IIS4 that allows people to see pdf files etc when they click on links. I control security to the app by checking them against a database. However, if they can guess the URL (or save it) they can get to the document without having to go through the app (i.e. anyone can get to the document if they can guess the URL).<BR><BR>How do I stop this????