https://issues.apache.org/bugzilla/show_bug.cgi?id=44598


Mark Thomas <[EMAIL PROTECTED]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|normal                      |enhancement
         OS/Version|Windows Vista               |All
           Platform|PC                          |All




--- Comment #1 from Mark Thomas <[EMAIL PROTECTED]>  2008-03-24 14:49:02 PST ---
This is a deliberate design choice. It is generally poor security to tell a
user why their login failed since it helps a malicious user focus their attack.

The typical exception to this rule is CredentialExpiredException but there
isn't a way to handle this within the confines of the servlet spec (e.g. how
would BASIC authentication handle this?) or the current realm interface.

To date no-one has felt the urge to scratch this particular itch. As always,
patches are welcome but I don't see this being an easy fix.


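The design choice described in the comment above, sketched as an added example (not Tomcat code and not part of the original message): the precise failure reason is kept for the server-side audit log while every failed login returns the same text to the client. All class, method and account names are hypothetical, and the sample accounts are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Logger;

// Added illustration; all names here are hypothetical, not Tomcat classes.
public class UniformLoginFailure {
    enum Reason { OK, UNKNOWN_USER, BAD_PASSWORD, ACCOUNT_LOCKED, CREDENTIAL_EXPIRED }
    record Account(byte[] passwordHash, boolean locked, boolean expired) {}
    static final String GENERIC_FAILURE = "Invalid username or password";
    private static final Logger AUDIT = Logger.getLogger("auth.audit");
    private final Map<String, Account> accounts = new HashMap<>();

    static byte[] hash(String password) throws Exception {
        // SHA-256 keeps the sample short; a real store would use a slow, salted KDF.
        return MessageDigest.getInstance("SHA-256")
                .digest(password.getBytes(StandardCharsets.UTF_8));
    }

    // Internal check: the precise reason is known here and nowhere else.
    Reason check(String user, String password) throws Exception {
        Account a = accounts.get(user);
        // Always hash and compare so unknown users do not return measurably faster.
        byte[] expected = (a != null) ? a.passwordHash() : hash("constructed-dummy");
        boolean match = MessageDigest.isEqual(expected, hash(password));
        if (a == null) return Reason.UNKNOWN_USER;
        if (!match) return Reason.BAD_PASSWORD;
        if (a.locked()) return Reason.ACCOUNT_LOCKED;
        if (a.expired()) return Reason.CREDENTIAL_EXPIRED;
        return Reason.OK;
    }

    // What the client sees: one message for every failure; the reason goes to the audit log.
    String login(String user, String password) throws Exception {
        Reason r = check(user, password);
        if (r == Reason.OK) return "Welcome";
        AUDIT.warning("login failed user=" + user.replaceAll("[\\r\\n]", "_") + " reason=" + r);
        return GENERIC_FAILURE;
    }

    public static void main(String[] args) throws Exception {
        UniformLoginFailure auth = new UniformLoginFailure();
        auth.accounts.put("alice", new Account(hash("correct horse"), false, false)); // constructed
        auth.accounts.put("bob", new Account(hash("hunter2"), true, false));          // constructed
        for (String[] t : new String[][] {{"alice", "wrong"}, {"mallory", "x"}, {"bob", "hunter2"}, {"alice", "correct horse"}})
            System.out.println(t[0] + " -> " + auth.login(t[0], t[1]));
    }
}
```

The first three attempts print the identical generic message even though the audit log records BAD_PASSWORD, UNKNOWN_USER and ACCOUNT_LOCKED respectively.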