Actually, let me clarify that last mail. This currently shouldn't be possible, however, a few missing referer checks in WP 2.0.2 may allow this, and users with IE are still at risk due to a referer spoofing xmlhttprequest bug. The new solution should avoid this. -- --Robert Deaton http://somethingunpredictable.com