You can get a little creative with the implementation but it would require you to install a control or component on the webpage for download.

If you are very concerned with the form variables being passes plain-text or in and easily decipherable format you could implement a somewhat secure method.

This is just off the top of my head so bear with it.

Using a time-stamp or some unique identifier, issue the form with this value.
Then use hidden form items for username and password(Just wait, this is not what you think yet) If you are not afraid of the username being shown it would be more efficient.

Anyway, use a control to create an MD-5 hash of the user input combined with the timestamp. Then have javascript on the page set the hidden variables with the hashes.

When the page is posted, have your code md5 hash the user names and passwords with the time-stamps and compare them. If they match, you have an authenticated user and you know exactly who it is. This would keep the server logs from showing any usable data to any snoopers.

I can explain this more if you need, but this should be a somewhat simple implementation.

If you dont have MD-5 code, I have a control that does it.

http://www.SeekfordSolutions.com/Products/EncoderWizard/

I hope this resolves your problem.

Brian Seekford