Paul Mitchell wrote: > Interesting. I'd think twice about sending the DB_PASS to anything other > than the database. DB_PASS is used throughout WordPress as a unique, private seed for generating MD5 hashes. This case is no different. Nobody is going to get your database password by looking at a generated nonce. Owen