DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18004>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18004 JDBCRealm.authenticate() eats SQLExceptions and should not ------- Additional Comments From [EMAIL PROTECTED] 2003-03-14 20:27 ------- Craig, I really wish you had to "eat your own cooking" on this one. I don't think you realize how many support requests, how much confusion, and how much frustration are generated because of this "feature". The only information that needs to be communicated to the user is "We cannot log you in at this time due to a system error. Please try back later". Many large websites do this, and it is a flaw in Tomcat that it cannot. A simple error message like the one I just mentioned is not going to reduce security in any significant way. The benefits outweigh the costs, big time. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
