Hi Ken, I agree with you that having some form of security for accessing sensitive information is common sense. I may use authentication to choose to share some information from my db with you without giving you free access to my db ... and share different information with someone else. No problem. However, I also completely agree with Alan that trying to 'hide' the formatting and HTML that encases the information I share back with you, trying to prevent you from cut and pasting that information into another application or prevent you from printing it .... is pure silliness of a magnitude some of us choose not to tolerate or condone. If the original poster wants to hide some valuable proprietary computation ... fine - I have no problem with that ... let them put it in their secure server-side coding and keep it out of the JS they send to the client machine. My 2¢, RonL. (BTW - 'controlling' sensitive information by putting it in obfuscated form in a client machine's cache is completely without diligence. People who do things like that deserve to be fired.) -----Original Message----- From: Ken Schaefer [mailto:ken at adOpenStatic.com] It's not always about "hiding" things - sometimes it's about controlling access to sensitive information.