tomcat-dev mailing list archives

From "Craig R. McClanahan" <>
Subject Re: Realm.authenticate() failure
Date Fri, 18 Feb 2000 15:52:42 GMT
Peter Blakeley wrote:

> Gidday,
> I am currently trying to integrate our existing Realm implementation
> with Craig's catalina.Realm interface but find that the authenticate
> methods only return null on failure. Currently I throw
> NoSuchUserException, InvalidPasswordException,
> InvalidCertificateException exceptions to provide some feedback to
> users as to why their logon failed and also to audit log authentication
> failures.
> Perhaps Craig or someone would like to explain the thinking behind only
> returning a null as opposed to throwing an Exception indicating the
> reason for failure.

Although Daniel Rall quoted a nice "programming philosophy" reason for why
I decided to return null instead of an exception (and it was one of the
motivations), there is an additional important reason, based on my
experience with building login schemes.

If you have an exception back stating what happened, you are going to be
tempted to tell the user the details as well ("invalid username" or
"invalid password" or whatever).  Doing so increases the security risks
when you are facing a cracker, because you've just reduced the variables
he/she has to explore in order to successfully invade your system.  Saying
"Invalid login" does not give them any such information.  (I learned this
principle from looking at the first Unix-based systems I ever used.)

Finally, there isn't really a portable mechanism to tell the user much
anyway -- if you're using basic or digest authentication, for example,
you're going to send back an UNAUTHORIZED response that has no room for an
error message.  With form-based authentication, you're going to go to the
defined error page, but there's no mechanism to communicate any explanatory

> cheers pb...
> --
> Peter Blakeley

Craig McClanahan
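The following is an added illustration, not code from Tomcat or from either poster, of the contract discussed above: authenticate() hands the caller a Principal on success and null on failure, the client always sees the same "Invalid login" text, and the specific reason (unknown user versus wrong password) is written only to a server-side audit log, which addresses the audit-logging need raised in the question. The Realm interface here is a simplified stand-in modelled on that contract rather than the real catalina.Realm, the user store and the "audit.authentication" logger name are constructed for the example, and the plain SHA-256 password hash is for brevity only (a production store would use a salted, slow password hash).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Logger;

// Added example, not Tomcat/Catalina code. The caller of authenticate()
// only ever learns "Principal or null"; the reason for a failure is
// recorded server-side and never surfaced to the client.
public class UniformFailureRealm {

    /** Simplified stand-in for a Realm-style contract (assumption, not catalina.Realm). */
    public interface Realm {
        Principal authenticate(String username, String credentials);
    }

    /** Hypothetical audit logger name, constructed for this example. */
    private static final Logger AUDIT = Logger.getLogger("audit.authentication");

    /** Constructed sample user store: username -> SHA-256 hex of the password. */
    private static final Map<String, String> USERS = new HashMap<>();
    static {
        USERS.put("alice", sha256Hex("correct horse"));
    }

    public static final Realm REALM = (username, credentials) -> {
        String storedHash = USERS.get(username);
        // Hash the supplied password even when the user is unknown, so the
        // work done (and thus the timing) does not reveal whether the account exists.
        String suppliedHash = sha256Hex(credentials == null ? "" : credentials);
        boolean userKnown = storedHash != null;
        // MessageDigest.isEqual is a constant-time comparison.
        boolean passwordOk = userKnown && MessageDigest.isEqual(
                storedHash.getBytes(StandardCharsets.US_ASCII),
                suppliedHash.getBytes(StandardCharsets.US_ASCII));
        if (passwordOk) {
            AUDIT.info("login ok user=" + username);
            return () -> username;   // Principal#getName
        }
        // The detailed reason goes to the audit log only; the caller gets null.
        AUDIT.warning("login failed user=" + username
                + " reason=" + (userKnown ? "bad-password" : "no-such-user"));
        return null;
    };

    /** What the client sees: the same message whatever the underlying reason. */
    public static String loginResponse(Realm realm, String username, String password) {
        Principal p = realm.authenticate(username, password);
        return p == null ? "Invalid login" : "Welcome, " + p.getName();
    }

    static String sha256Hex(String s) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256")
                    .digest(s.getBytes(StandardCharsets.UTF_8));
            StringBuilder sb = new StringBuilder();
            for (byte b : d) sb.append(String.format("%02x", b));
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    public static void main(String[] args) {
        // Constructed attempts: one good login, one bad password, one unknown user.
        System.out.println(loginResponse(REALM, "alice", "correct horse"));
        System.out.println(loginResponse(REALM, "alice", "wrong"));
        System.out.println(loginResponse(REALM, "mallory", "wrong"));
    }
}
```

The two failing attempts produce identical client-visible output, while the audit log still distinguishes them for the operator; that is the split the null-return contract encourages, since a caller that never receives a reason has nothing to leak.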
