On 2/15/07, pagvac <unknown.pentester at gmail.com> wrote: > 3. Protect "interesting"/dangerous requests by asking the user for > something only he/she knows (i.e.: password) Careful with that. What about JS keyloggers? Regards, Brian