The security issue is important because I don't want anyone to be able to use the websites database admin scripts without logging into the CMS first. Otherwise anyone who happened to type in www.oneofmywebsites.com/cms would be able to make unwanted changes to that particular sites database.
From previous reply, I know you believe two log-in's are not user friendly, but (from my reading) that's what the big boys do (i.e., eBay, Amazon) for a more secure log-in.
I don't filly understand it, but from what I've read it's a combination of both your log-on/password and a session ID -- but then, a second log-in changes the session id which makes it more difficult to hack.
HTH's tedd -- -------------------------------------------------------------------------------- http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php