And when IIS is collecting credentials, often used to provide an SSO solution, you can almost bet on the overall solution being insecure. We strongly recommend people don't do this but a few of the BMC VARs know no better, or do and choose to carry on regardless :)
John _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
