Hi, to have access to my web application, user needs to log in. Before to send login/password over the net, user is directly redirected to HTTPS version of my web application in case he did not write HTTPS:// at the address bar. once he types login/password, everything is checked with DB data and if it is correct, so he's granted right to continue and he redirected to another HTTPS web page. i would like improve security but i'm not sure it make sense as HTTPS is used. therefore i was thinking to request for each stored procedures (all my SQL requests are in stored procedures) login and password (stored into session)... but does it make really sense ? thx. -- Alain ------------------------------------ Windows XP SP3 PostgreSQL 8.2.4 / MS SQL server 2005 Apache 2.2.4 PHP 5.2.4 C# 2005-2008
