>>>>The last time I needed this type of security we required the user to request an account which triggered an email to admins with a link allowing them to approve the request and activate the account Also, by storing a token in html5 local storage, we allowed users to be permanently 'logged in' unless they specifically logged out (or their account was disabled by admin)
>>>
>>>Pure Noziness: did you check the security aspects of local storage? Before WebSQL was murdered, that one was the biggest doubt to my highflying plans ;-)
>>>From the Docs it is supposed to be safe, but how often did they claim to have fixed cross-site/frame scripting ?
>>>How strong is it encrypted? Is it possible the user maps local storage to mSDHC?
>>
>>Short answer : I don't know how secure it is. Theoretically it's only accessible from the same URL that wrote it. We're also storing quite a bit of data locally for use in offline situations.
>>
>If you run special tests or encounter problems (in the app or in literature), please post
>
>thx
>
>Thomas

Will do....