Zohar wrote: > Hello list, > I'm using BASIC authentication with tomcat 5.5 and I wanted to know whether > it is possible to return some text when the user login fails (e.g. "you typed > in the wrong password"). Is it?
Short answer: no. This sort of behaviour is generally a bad idea as it gives a potential attacker too much information. For example, that they have a valid user name but the password is wrong. Mark --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
