Here's another thing: Don't put your db usernames/passwords in any file that is accessable from the web. (the don't have to be) If some other bonehead admin happens to replace your http.conf with a generic one, you don't want all your blocked files showing up automagically.
Secondly, be aware that if you've got embedded usernames/passwords for db access on your system, they are generally not safe from other users of the system. -Michael _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
