Hi,

With all the talk of security and Zope 2.2 I thought I'd throw this one into the post again: How come you can browse things like the objectIds and objectValues methods through the web? Surely this is exposing information that people shouldn't really know about? For example, check out: http://www.zope.org/objectIds

While I'm at it, is there any way to make DTML methods accessible to objects (such as other DTML methods) but not through URLs other than by a tortuous series of proxy roles? I've expressed views about an 'execute' permission in the past but these have fallen on deaf ears. For example: http://www.codecatalog.com/standard_html_footer

This is messy and there's no reason why it needs to be exposed through a URL.

cheers,

Chris
> While I'm at it, is there any way to make DTML methods accessible to objects (such as other DTML methods) but not through URLs other than by a tortuous series of proxy roles? I've expressed views about an 'execute' permission in the past but these have fallen on deaf ears.
You could probably do something useful using siteaccess if you strictly enforced a naming convention across your site. I have wondered about lower casing all incoming URLs so as to make them effectively case independent, and this would have a side effect of making all mixed/upper case objects inaccessible. Or you might have a convention that everything web callable had an extension and prevent access to any methods without a dot in the id. Of course siteaccess can be bypassed, but it should be possible to disable this.

-- 
Duncan Booth duncan@dales.rmplc.co.uk
int month(char *p){return(124864/((p[0]+p[1]-p[2]&0x1f)+1)%12)["\5\x8\3" "\6\7\xb\1\x9\xa\2\0\4"];} // Who said my code was obscure?
http://dales.rmplc.co.uk/Duncan
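The two URL-side conventions Duncan sketches, lower-casing every incoming path and refusing to call anything whose id has no extension, as an added stand-alone model (not Zope's SiteAccess code or anything from the original thread); `screen_path`, `published_ids` and the `INTROSPECTION` set are hypothetical names chosen here:

```python
from typing import Iterable

# Constructed model of a siteaccess-style access rule. It is not Zope's own
# API: the request path and the ids that exist at the target location are
# passed in directly instead of being read from REQUEST and traversal.

# Bare introspection method names that should never be reachable by URL.
# Compared after lower-casing, like everything else in this rule.
INTROSPECTION = {"objectids", "objectvalues", "objectitems"}


def screen_path(path: str, published_ids: Iterable[str]) -> str:
    """Return 'allow' or a 'reject: <reason>' string for one request path.

    published_ids stands in for the object ids that actually exist at the
    requested location. Only the final segment, the thing that gets called,
    must carry an extension; folders traversed on the way are not checked
    for a dot, but no segment may name an introspection method.
    """
    lowered = path.lower()  # case-independent lookup, as Duncan suggests
    segments = [s for s in lowered.split("/") if s]
    if not segments:
        return "reject: empty path"
    for seg in segments:
        if seg in INTROSPECTION:
            return "reject: introspection method"
    target = segments[-1]
    if "." not in target:
        # Extension-less ids are treated as internal (DTML methods meant
        # only for other objects) and are not published through a URL.
        return "reject: no extension"
    # The path was lower-cased but the stored ids were not, so an id such
    # as 'Index.html' can never match: the side effect Duncan mentions.
    if target not in set(published_ids):
        return "reject: not found"
    return "allow"
```

The rule keeps the existing objects untouched; it only gates what a URL may reach, so a mixed-case id or an extension-less method stays callable from other DTML methods inside the site.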
Hi Duncan :-) Cheers for the reply, but sorry, I'm not looking for a kludge solution. I'm trying to find out if this is as intended, in which case there must be a reason behind it (?!) or if it's a bug, in which case it needs to be squashed... thanks again, Chris