What is considered better from a security standpoint (yeah, I know there are a lot of variables even in this comparison): A) vlink as the only file in cgi-bin, suid, owned by the interchange user, and a-w on it and the cgi-bin directory. -or- B) same as above, but apache with suexec, and no suid on vlink. Thanks, John Young