Forum OpenACS Q&A: Response to Bugtraq: cross site scripting

If the admin's key is sent automatically that might not help this particular
problem.

nsopenssl does support client certs.  It is a instance-wide setting so I'm
looking into running nsopenssl twice on the same server.  Once for normal
users and once (at a different port or different IP) for administrators and
requiring administrators to supply a client cert.