Thanks Bahwi, I agree with you regarding the client-side aspect. But since we are talking about a regular web-based application in php I think I will have to deal with that.
The other security concerns are already addressed, such as the use of SLL to encrypt the traffic and possibly the use of an encoder do hide the source code. I do not think I understood your ideia : >The next best thing is to store it in session > variables, but build your own system perhaps, and yes, encrypt it lightly with some system and a > system passphrase __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php