On Thu, 2011-01-27 at 10:01 -0500, m.roth at 5-cent.us wrote: > Always Learning wrote: > > You haven't seen my long and difficult (for others) password (uppercase, > > lowercase, and digits). It is unlikely ever to succumb to brute > > force. :-) > > Ah, no. Where can you log in as root from? If it's anywhere outside the > intranet, bad, bad, bad. Blush, blush .... access is on a non-standard port and then restricted to a few IP addresses. I don't want my servers taken over by others. As a basic policy everything that can be changed from a default port is. That means I have open 25 and 80. Everything else has a none-standard port number of 4 or 5 digits. Definitely no 443. Every secure web application has https and a different port and IP restrictions (in the .htaccess). I'm planning to experiment with mod_auth_mysql. -- With best regards, Paul. England, EU.