Paul Mitchell wrote: > Sorry, I'm getting confused. I was thinking of DB_PASSWORD. I can't find > a definition for DB_PASS anywhere in trunk. Touché. Still, it doesn't make your point about using the database password to generate a hash any more valid. Owen