On 30 Oct 2007, at 15:18, <ftarzwell at fayec.com> wrote: > Apart from them having access to the users' data stored on their > end, would > that allow them to access our site in a way that it would > jeopardize the > applications on our servers? It is relatively trivial to add a form filled with hidden inputs to the document and then submit it with JavaScript. Any cookies or session data the user has would still exist. -- David Dorward http://dorward.me.uk/ http://blog.dorward.me.uk/