User DB - accessing Authenticated User in Python - and the Zope Mailing list
Hi,

At MediaVisual Hong Kong we are looking to do a lot of the things that are available on the Zope web site relating to the subscriber database, although the site we are building is a leisure/lifestyle site for young Asians. Can you please help me with a few queries?

The first is simple. Is the Zope mailing list handled by Zope, or by another package? We would like similar functionality.

The second relates to the UserDB. I never found any really good docs on it, but managed to get it all working against MySQL. However, I have found that if I log on as a subscriber, then go to the /manage section, I am able to change some, but not all, things across the entire site!! I am also able to cut and paste most objects, although I cannot delete. Can anyone give me some pointers on what to look for? I have also found that if I know the URL to call a function and update a user, I can pass my own parameter across and change almost any existing user's password etc.

Lastly, I cannot quite figure out how to get the authenticated user inside Python. If I can get this, then my Python code can stop the above problem should a user construct their own URL to change a password. Is this a sensible way forward? It seems that I need to authenticate at the Python level, as the data and methods are stored externally to Zope. Any user who has access to the function can construct a URL which will perform an update regardless of user, once we are in the UserDB Python code.

Thanks for any help you can give,

Paul
participants (1): Paul Gresham
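One way to enforce the check the post asks about, as an added example that is not part of the original post and is not Zope or UserDB code: the update method takes the caller's identity from the request instead of trusting a URL parameter. It assumes the request exposes the logged-in user under `AUTHENTICATED_USER` with `getUserName()` and `has_role()`; `FakeUser`, `authorize_update`, `change_password` and the dict-based `store` are hypothetical stand-ins so the block runs without Zope or MySQL.

```python
# Added example. FakeUser and the dict "store" are constructed stand-ins
# for the Zope user object and the MySQL-backed UserDB table.

class Unauthorized(Exception):
    """Raised when the caller may not modify the requested account."""

class FakeUser:
    """Stand-in for the user object assumed to be in the request."""
    def __init__(self, name, roles=()):
        self._name, self._roles = name, tuple(roles)
    def getUserName(self):
        return self._name
    def has_role(self, role):
        return role in self._roles

ADMIN_ROLE = "Manager"  # assumed name of the administrative role

def authorize_update(REQUEST, target_user):
    """Return the caller's name if they may modify target_user, else raise."""
    user = REQUEST.get("AUTHENTICATED_USER")
    if user is None:
        raise Unauthorized("no authenticated user in request")
    caller = user.getUserName()
    # Identity comes from the authenticated session, never from a parameter.
    if caller == target_user or user.has_role(ADMIN_ROLE):
        return caller
    raise Unauthorized("%s may not modify %s" % (caller, target_user))

def change_password(REQUEST, store, target_user, new_password):
    """Hypothetical UserDB update method guarded by authorize_update."""
    authorize_update(REQUEST, target_user)
    if target_user not in store:
        raise KeyError(target_user)
    store[target_user] = new_password  # a real store would keep a salted hash
    return True

def demo():
    store = {"alice": "old-a", "bob": "old-b"}  # constructed sample data
    as_alice = {"AUTHENTICATED_USER": FakeUser("alice", ["Subscriber"])}
    results = [change_password(as_alice, store, "alice", "new-a")]
    try:
        change_password(as_alice, store, "bob", "new-b")  # crafted target
    except Unauthorized:
        results.append("denied")
    results.append(store["bob"])  # unchanged by the rejected call
    return results

if __name__ == "__main__":
    print(demo())
```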