Hi, I it is possible security hole or I have misconfigured security? http://user:password@localhost:8080/Control_Panel?manage_shutdown:action=Shu tdown Note that "user" is defined only for virtual subweb /www/www.domain.cz and is in group "editor" that exists only in that subweb. Regards J. Lukesh