GrayMare, sounds like you're having fun, just try not to sleep in the office eh? :) I wasn't suggesting the Apache was bulletproof, just that it can be made highly resilient if you're willing to put in the hours, the very fact that source is free is what makes it so, everyone can see how it does what it does, so vulnerabilies are patched on a daily basis, once a sucessfull hack is found, as the "hack a mac" contest proved. The test machine was up for 6 months (I think) but they extended the contest because nobody was able to hack it... My argument was really against sloppy implementation, if you don't actually plan this properly from the start, and test it throroughly before hand, then you're going to get screwed by some script kiddie, or even worse, somebody who actually knows what they're doing. Whereas, it seems to me, that many sites including Microsoft themselves are "installing in haste, and repenting at leisure" once their server gets nuked either by a DDOS attack or by a more targeted weapon like the worm. It's a jungle out there, unfortunately most server vendors seem to asking you to look at thier really cool trees, and ignore the stuff that's lurking behind them. I don't know, I've been here for over 12 hours now, I came in to help out a friend then Tivoli went nuts, if you ever get the chance, avoid it, you'll be glad you did :) Right that's enough OT bitchin' I'll shall wander down to the flicks to watch the equally bitchin' Ms Jolie get on down in "Mortal Sin" :) later jb