Well,<BR><BR>Since its after closing time here and I am doing some drab work on a project, I thought it was time to pose a question that I have often *wondered* about.<BR><BR>How can an ASP Developer create a *secure* site?<BR><BR>To push away from the obvious.<BR>I usually use one small session variable to maintain a basic security -&#062; reason being, the apps I write our not in the Amazon nature, (extra traffic, undeterminable growth,etc..), they are for companies to run their businesses. Small Steady Traffic on a daily basis.<BR><BR>I then use that session var to grab the other things I need, as needed. <BR><BR>Aside from things like when a person logs in, be sure they came from the login page you built, not a spoofed one and having basic checking for the session var on all pages. <BR><BR>What else is there?<BR><BR>You can use http_referer for some things, but it gets incredibly unpractical in a larger app like I have been working on. <BR><BR>If their is some article I haven&#039;t read on an overview of the topic, I am all ears.<BR><BR>Ideas? Thoughts? Experiences?