This time it really was Ben Laurie who wrote: > The secret bits should be conveyed by something > other than the URL. For > example, POST data in a form, or output from a > client-side Java app > (also posted). Why? Tyler