Hello, I would like to hear feedback from the community regarding Sharepoint's security. We are planning a Sharepoint Site for a client that will be accessible from the net and we want to make sure it's as secure as possible. We are planning to take the following precautions: 1. We are using HTTPS with 2048 bit key to access the site 2. We have a warning message to user warning them about shoulder surfers 3. We have an internet facing router so only HTTPS 443 is open 4. We require strong passwords backed up by GP's My questions are as follows: Is there any known SQL injection that target Sharepoint DB's? (We are not using SQL Server but rather the bundled SQL Express) Would SP 2010 be more secure than WSS 3.0? Or vice versa? What other security risks should I look out for? We have a public site with anonymous access and when users log in the internal site links appear based on permissions. Is this secure or it it better to have two separate sites? Tks, NakieNaki K. / Falcon IT Services