> From: Anthony Baratta > FYI - putting the password in the Query String is not secure > even if using SSL. The URL is "open" irrespective of the protocol. No, that is not correct. When making the initial request the query string and even the path are stripped off of the request when determining routing (the DNS lookup) and before the SSL handshake is created. Once routing is determined, the SSL handshake is initiated, and *then* the data (path, query string, post, etc) is encrypted and transferred. Ah. CF: http://lists.evolt.org/archive/Week-of-Mon-20030106/132162.html -- Max Schwanekamp http://www.neptunewebworks.com/