I wouldn't think that it is very secure since the username and password are sent to the server as clear text (I believe). Along with .htaccess I would set up some database password solution as well. Dave