> I think just use a flippin' ssl server and be done with it.> ++$i > When I go to a website that requires me to let them execute JavaScript I> rarely go back.> Many people do this, I hope that the OP realizes this. > You can use SSL for the login and only the login - I know that it means> either using a self signed cert or paying big bucks, for anything with> e-commerce you want to pay big bucks for a cert, there is no other option.> For anything not e-commerce, using a self signed cert seems a lot more> secure to me than having the browser grab some salt off your server, use> javascript to encrypt the pass, and then sending it back.> Have you seen the fit Firefox 3 makes for self-signed certs? So far asthe end user is concerned, the site is inaccesible. -- Dotan Cohen http://what-is-what.comhttp://gibberish.co.il א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-תا-ب-ت-ث-ج-ح-خ-د-ذ-ر-ز-س-ش-ص-ض-ط-ظ-ع-غ-ف-ق-ك-ل-م-ن-ه-و-يА-Б-В-Г-Д-Е-Ё-Ж-З-И-Й-К-Л-М-Н-О-П-Р-С-Т-У-Ф-Х-Ц-Ч-Ш-Щ-Ъ-Ы-Ь-Э-Ю-Яа-б-в-г-д-е-ё-ж-з-и-й-к-л-м-н-о-п-р-с-т-у-ф-х-ц-ч-ш-щ-ъ-ы-ь-э-ю-яä-ö-ü-ß-Ä-Ö-Ü
