> Would it be more secure, if you would write all changes that > should be made to a database and those commands were executed > by a script that is run as cronjob?
You'd have some time before the changes become effective, which is the good thing about it. But if some evil user has the chance to make any changes, then those changes will become effective anyway when you're not there to check things. So then where's your security ? How about if you put the changes in a table and email a predefined root-equivalent user that changes have been made. Then any changes will not become effective untill the user that has been emailed has replied to acknowledge or something. Rob