I sometimes use a sort of poor man's shared server security: php-cgiwrap, and set permissions as restrictively as possible. Obviously you don't get to run PHP as an Apache module, but -- unless I am mistaken -- your scripts and data files should be no less secure than your shell account itself. --- David Mintz http://davidmintz.org/