Hey all! Quick question, one of our sites already uses BASIC_AUTH to take the username and pass from clients, we were thinking of instead doing it via a login form (so we can also add a CAPTCHA later...if needed) what I would like to know is, by using a login form instead of a BASIC_AUTH are we comprimising security in any way (for example if someone is using a "sniffer") or does BASIC_AUTH have some kind of extra inbuilt security that forms dont have that I am not aware of? Thanks! R ------ - The faulty interface lies between the chair and the keyboard. - Creativity is great, but plagiarism is faster! - Smile, everyone loves a moron. :-) --------------------------------- Don't be flakey. Get Yahoo! Mail for Mobile and always stay connected to friends.