>>Hi Viv and thanks, as I said to John the more I look at this project the more I think it should be a web app which would remove the need for cross platform I just need to find a way of restricting its use to a selected group maybe using RSA type keys or whatever the cool way is these days, as always I'm open to suggestions.
>
>I would have suggested a web app but it's not really possible to get the 'slickness' of a native app and I thought you may have ruled it out for that reason.
>
>The best approach to restricting access probably depends on (amongst other things) the number of likely users and how they would be added/removed from the list. One option for a small group is to use Windows authentication on IIS and restrict access to specific domain roles/users.
>
>The last time I needed this type of security we required the user to request an account which triggered an email to admins with a link allowing them to approve the request and activate the account Also, by storing a token in html5 local storage, we allowed users to be permanently 'logged in' unless they specifically logged out (or their account was disabled by admin)

Pure Noziness: did you check the security aspects of local storage? Before WebSQL was murdered, that one was the biggest doubt to my highflying plans ;-)
From the Docs it is supposed to be safe, but how often did they claim to have fixed cross-site/frame scripting ?
How strong is it encrypted? Is it possible the user maps local storage to mSDHC?