Well the auth on the server side is not a real issue I can hendle that via .htaccess but the security I was and am looking for is more or less for the DBI connect I want to hide that so as to take more of the risk out the DB being compromised, Does that make more sense?