> > Check the Web Server Logs in the time just before the DB was > > compromised. > > Does the DB in question have query logging enabled? If so, that'd > be a useful thing to look at as well. :-) Anthony, Chris, Hassan-thanks muchly. I'll do some digging. I admit to a certain laxity in my security education and I'll see what I can do to patch meself up. joel