Thanks to Geoff Huson for his excellent 'Web Security Primer' last night. I know 'an' IP address of my bank and if every thing I needed was at that address I'm guessing I'd be safe. But I know that the bank itself redirects me to a separate login page and if that and all subsequent redirections were by IP address would I not be safe?