> The real question is, how secure do they need to be? Is someone actively > trying to get access to these documents, or are you trying to prevent > someone from stumbling across them accidentally? If a document went > astray, would the results be embarassment, money loss, financial ruin, > death? You have to know the risk level to establish the needed security > level. > > joel > Sounds like the theory of relativity. Okay, just a wee bit of background. My client prepares tax returns and has partners who work from home. They are interested in placing the tax docs in a central repository where only they have access. This will save them each a half day or so per month. Embarrassment - certainly Employee/Client relationship - absolutely Money loss - it would depend Financial ruin, death (perhaps mine)- that would be a push Prevent accidents - yes I can't assess how vindictive someone would be to want to break in and wreak havoc or just the motivation to do this. However, here's something I have not done for years, most of a decade. When I worked with a UNIX company I occasionally use 'DES' to encrypt and unencrypt files. It does not appear to be loaded on the hosting company server, but it or something similar would certainly add another level of complexity to anyone who was able to get to the files. This is out of my expertise, but I could probably set up des to encrypt the files as soon as they are uploaded. Or would it be smarter/safer to find a utility that would do this on the desktop. Yeah define reasonable???