Am Samstag, den 02.12.2006, 13:57 -0600 schrieb Larry Garfield: > If you're talking about getting user data into a web script, then GET, POST, > and cookies are the only options. All three are insecure, because they're > coming from the user. The user is guilty until proven otherwise. Sanitize > thy input. There is also http://www.php.net/manual/en/features.http-auth.php which may be more secure than POST. With Client Side XSS form data maybe can be read. There is no access form javascript to http-auth parameters. Bernhard -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php