>> is absolutely stupid this script can be part of the page and have all privileges
>> granted to the user after a legitimate authentication.

Not when you consider that the script was added to YOUR page even before the browser renders it. Think of it like a proxy in that the proxy added the (unwanted) scripts before it passed it to the actual browser rendering and scripting engine. To the browser it looks like your site sent it.

This is one of the ways the Russian hackers accumulated over a billion credentials. Believe me, I share your concern, which is why I never log in to any of my accounts from an unknown browser or PC. The alternative is to go off like Gene Hackman's character in The Conversation.

If you do find a way to detect all scripts running on a page, I would be very interested in seeing how it works. At least you could then inform the user that there are unwanted processes running in the browser.

Dennis Powers
UXB Internet - A website Design and Hosting Company
P.O. Box 6028, Wolcott, CT 06716 - T:203-879-2844
W: http://www.uxbinternet.com
W: http://www.ctbusinesslist.com

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359237
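
Added example, not part of the original message or of any code from the thread: a best-effort inventory of the script elements in a page, compared against what the site itself ships, as one way to approach the detection asked about above. The allowlists, the sample records and the function names are constructed for illustration.

```javascript
// Added example: best-effort inventory of <script> elements in a page's DOM.
// EXPECTED_ORIGINS and EXPECTED_INLINE are constructed placeholders for a site's own values.
const EXPECTED_ORIGINS = new Set(["https://www.example.com", "https://cdn.example.com"]);
const EXPECTED_INLINE = new Set(['window.appConfig = {"theme":"light"};']);

// Turn live <script> elements into plain records (browser only).
function collectScripts(doc) {
  return Array.from(doc.scripts, (s) => ({
    src: s.src || null,
    text: s.src ? "" : s.textContent.trim(),
  }));
}

// Return the records the site did not ship, with a reason for each.
function findUnexpected(records, pageUrl) {
  const findings = [];
  for (const r of records) {
    if (r.src) {
      let origin;
      try {
        origin = new URL(r.src, pageUrl).origin; // resolves relative src against the page
      } catch (e) {
        findings.push({ ...r, reason: "unparseable src" });
        continue;
      }
      if (!EXPECTED_ORIGINS.has(origin)) {
        findings.push({ ...r, reason: "unexpected origin " + origin });
      }
    } else if (!EXPECTED_INLINE.has(r.text)) {
      findings.push({ ...r, reason: "unexpected inline script" });
    }
  }
  return findings;
}

// Constructed sample: what collectScripts() might return on a page altered in transit.
const SAMPLE = [
  { src: "/js/app.js", text: "" },
  { src: "https://cdn.example.com/lib.js", text: "" },
  { src: "http://203.0.113.7/k.js", text: "" },
  { src: null, text: 'window.appConfig = {"theme":"light"};' },
  { src: null, text: "/* inline block the site did not ship */" },
];

// In a browser, report on the live page; elsewhere this is skipped.
if (typeof document !== "undefined") {
  console.warn(findUnexpected(collectScripts(document), location.href));
}
```

This only sees script elements still present in the DOM: browser-extension content scripts and scripts that remove their own element after running do not appear, and a script injected ahead of the check can alter the check itself. It is a way to flag some unwanted scripts to the user, not a way to detect all of them.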