Move the config file somewhere non world readable (ie outside of your web root). Make it part of the 'config' group. Give it 040 permissions if all you need the CGIs to have is read permission. Make your CGIs part of the config group - they will thus be able to read the file but no one else will. Use relative paths if you want, it makes no difference. Investigate encrypting your passwords if possible.

cheers

tachyon

s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print