I have read in several places on this board that it is possible using PERL scripting to write a web page to allow a user to change their password via the internet. Typically in these same posts, most people recommend not offering this solution because it loosens the security of the server up. Also, in these posts people sometimes recommend using Plesk or CPanel for web administration. What I can't figure out is how it is determined that these web admin tools are any securer than a web based password administration tool as from everything that I read, both Plesk and CPanel essentially change the web roots file permissions to 777. I would think that this would loosen security even more than a simple web based password administration script? Am I correct here or am I missing something?