>Storing the username password is not the most secure way even when encrypted, but it depends on your business environment. If the server is secure and nobody untrusted has physical access to it then no problem.

Rick, you're right. My view is the one of a developper practicing classical 2-tier c/s where the end-user typically has full-access to the OS including odbc ... Protection access to the db-engine is a must in this case.

In a web situation, the user is IUSR_x with limited rights :) Your book is clear enough on the subject. Thank you for making it clear again