DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25953>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25953 Add ability for Realm authentication to tell the user the reason for auth failure ------- Additional Comments From [EMAIL PROTECTED] 2004-01-29 23:23 ------- For the record, the design of the Realm API in this regard was intentional. Telling your user that they got the password wrong (for example) tells a potential hacker that they got the username right. That's a bad security practice. Craig McClanahan --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
