Hi Bernardo If you decide not to keep your authentication script in a database, it's a good idea to at least keep it outside of the web folder and include it in your web scripts. I think a lot of those tutorials just use that script for simplicity, perhaps so as not to dilute the topic of the article. You might be interested in the following articles. http://pear.php.net/manual/en/package.authentication.auth.intro.php http://www.zend.com/zend/tut/authentication.php Overview of security-related good practices http://www.onlamp.com/pub/a/php/2003/04/03/php_security.html hth chris hardy http://www.semioticpixels.com