Lisa

[..]

> What I need is good advice or please point me in the right
> direction of what terms I should be searching for on google.

* Cross site scripting
* SQL Injection
* SSL
* Authentication

[..]

> My client asks about encrypting his content, it would be text
> and PDF files. Is that an option? How exactly would
> encrypting text prevent people who are not supposed to see it
> from viewing it?

You could encrypt the files, but then you would have to allow authorised people to decrypt them. It would be much easier to control access to the file in the first place. I don't see that encryption would add any security at all (I may be wrong) whilst adding an extra level of complexity for users.

> Also on a related note, my client thinks that maybe some
> members may share their user names and passwords with their
> friends.
> Is it possible to track who logs in to the site and
> from where?

You can log which account logs in from which IP address.

> Would we be able to find out if member logins
> were being passed around or not?

You can allow only one login from one account at one time. You can also log any attempts to log into more than one browser simultaneously.

> Does anyone have any good strategies for preventing this kind
> of thing or to make it more difficult?

I suppose that you could have a Java applet or ActiveX control that delivers all of the textual content. This would not prohibit the user from passing the information to third parties, but it could make it a lot more difficult.

HTH

Chris Marsh
Web Developer
http://www.globet.com/
Tel: +44 20 8246 4804 Ext 828
Fax: +44 20 8246 4808
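Added example, not part of the original message: an in-memory version of the two measures the reply describes, logging which account logs in from which IP address and allowing only one live login per account while recording the refused attempts. `SessionRegistry`, `IDLE_TIMEOUT`, the report threshold and the sample events are all assumptions made for illustration.

```python
from collections import defaultdict

IDLE_TIMEOUT = 30 * 60  # seconds; assumed value, after which a session is stale


class SessionRegistry:
    """Allow one live session per account and log every login attempt with its IP."""

    def __init__(self):
        self.active = {}     # account -> (session_id, ip, last_seen)
        self.login_log = []  # (timestamp, account, ip, outcome)

    def login(self, ts, account, ip, session_id):
        current = self.active.get(account)
        if current and current[0] != session_id and ts - current[2] <= IDLE_TIMEOUT:
            # Another browser already holds a live session: refuse and record it.
            self.login_log.append((ts, account, ip, "rejected_concurrent"))
            return False
        # A real application would also refresh last_seen on every request.
        self.active[account] = (session_id, ip, ts)
        self.login_log.append((ts, account, ip, "ok"))
        return True

    def logout(self, account, session_id):
        if account in self.active and self.active[account][0] == session_id:
            del self.active[account]

    def sharing_report(self, min_ips=3):
        """Accounts with a rejected concurrent login or many distinct source IPs."""
        ips, rejected = defaultdict(set), defaultdict(int)
        for _ts, account, ip, outcome in self.login_log:
            ips[account].add(ip)
            rejected[account] += outcome == "rejected_concurrent"
        return {a: (len(ips[a]), rejected[a]) for a in sorted(ips)
                if rejected[a] or len(ips[a]) >= min_ips}


def demo():
    # Constructed events: (seconds, account, source IP, session id).
    events = [
        (0,    "alice", "192.0.2.10",   "s1"),
        (60,   "bob",   "192.0.2.20",   "s2"),
        (120,  "bob",   "198.51.100.7", "s3"),  # second browser while s2 is live
        (4000, "bob",   "203.0.113.5",  "s4"),  # s2 idle past the timeout: allowed
        (4100, "alice", "192.0.2.10",   "s1"),  # same session again: allowed
    ]
    reg = SessionRegistry()
    return [reg.login(*e) for e in events], reg.sharing_report()
```

The report maps each flagged account to its count of distinct source IPs and of refused concurrent logins; a single address change is common for legitimate users, so the IP count is a signal to review rather than proof of sharing.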