My thoughts on this thread: 1. Sending a DBA username and password over a cleartext channel is bad. Users would do it without reading warnings if the feature is available, and their passwords would get out. -1 to requiring a DBA password via Web form. 2. Once a user is created and given rights, MySQL will allow that user to create the database the user has rights to. Yes, you can grant rights to a non-existent database. If you GRANT ALL PRIVILEGES ON db_name.* to the user, those privileges include {CREATE,DROP} DATABASE on that database: ===== Session transcript ===== $ mysql -u root -p mysql> grant all privileges on drupal_db.* to drupal@localhost identified by 'super-secret password'; Query OK, 0 rows affected (0.16 sec) mysql> quit Bye $ mysql -u drupal -p mysql> show databases; Empty set (0.00 sec) mysql> create database drupal_db; Query OK, 1 row affected (0.00 sec) mysql> show databases; +-----------+ | Database | +-----------+ | drupal_db | +-----------+ 1 row in set (0.00 sec) ===== End transcript ===== 3. All that aside, WordPress' "Famous 5-Minute Install" involves manually creating a database and a user with rights to it; I however still think it'd be nice to give Drupal the (optional) ability to create its own database. -- pacem in terris / mir / shanti / salaam / heiwa Kevin R. Bullock