>>>The last time I needed this type of security we required the user to request an account which triggered an email to admins with a link allowing them to approve the request and activate the account Also, by storing a token in html5 local storage, we allowed users to be permanently 'logged in' unless they specifically logged out (or their account was disabled by admin)
>>
>>Pure Noziness: did you check the security aspects of local storage? Before WebSQL was murdered, that one was the biggest doubt to my highflying plans ;-)
>>From the Docs it is supposed to be safe, but how often did they claim to have fixed cross-site/frame scripting ?
>>How strong is it encrypted? Is it possible the user maps local storage to mSDHC?
>
>Short answer : I don't know how secure it is. Theoretically it's only accessible from the same URL that wrote it. We're also storing quite a bit of data locally for use in offline situations.
>
If you run special tests or encounter problems (in the app or in literature), please post

thx

thomas