Hi again... I noticed if I view the source of the generated html & javascript in my web browser that the layer definitions from my mapfile are embedded in the javascript including the connection string (including username and password(!!)) for postgis data sources. Is this a known issue? How does one work around this? Thanks, Corey