In your tutorial for ASP dynamic scroller you place the connection string within the code. This becomes a security issue with the scroller. The recordset needs to be created in the head of the page the scroller is placed in and the loop references the recordset to create the content. This is what I do for the DHTML and Tree Menus. The security issue comes from placing the user name and password to your database within the JS code to create the connection string. All a hacker would need is to view the source code on the page with the scroller. Then copy and past the URI in the address bar, (i.e. http://yoursite.com/scripts/shop_scroller.js
) and now the hacker has the connection string to your database to do with what he/she wishes.