This can be addressed from 2 perspectives: 1) Do your homework on such a site and include review of security issues, possibly by a security consultant, (which the client should see as a paid for line item), and provide such review to the client. 2) Your contact with the client should absolve you of any responsibility for operations of the site, once you deliver it. The point you raise is a good one - not from a legal perspective, so much as from an honest understanding that the net is no longer a nice friendly place to be. For our business we have gone beyond the point of watching for and securing against hacking attacks -- now we expect constant attacks. Our server logs show ongoing attacks on any moderately visible site ongoing (esp from RO/RU/CN domains) pretty much all the time. This argues for various measures once a site is live to monitor logs for odd activity, and using tested web frameworks, which are being developed with security in mind. Where custom dynamic script code is written for a web site, always have it reviewed by another programmer, preferably someone with security programming experience. BUT proper security is a much bigger and longer discussion. Rich Nancy Salwen wrote: > Thank you all for your feedback! > > What I gather from what most of you say, is that the cost of E&O makes > it unrealistic for my small sole-proprietorship and that in addition > it's probably unnecessary... but do you worry about being held > responsible in the event of an e-commerce site that you've developed > being hacked and a customer (or customer's customer) losing money? > Maybe I just worry about things too much! > > Thanks, > Nancy > > ______________________________ > > Nancy Salwen > > nancy at salwen.net <mailto:nancy at salwen.net> > > http://www.salwen.net > > 603-357-4693 > > > -- Rich Roth CEO On-the-net Bringing you complex online systems since the net was young http://www.tnrglobal.com - http://www.on-the-net.com/rr/