Agree with Bill that the only "secure" way is to use https - this secures the comms on the wire
There is another way that will provide medium secutrity make a welcome.csp that starts the session - click logon and this takes you to a logon page with Private=1 Encoded=2 This will stop anybody easily trying to hack the login page plus disabling login after so many failed attempts plus using some sort of IP security that only allows logon from known IP addresses You also need to take all the steps covered in George James's security presentation Peter
