tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: BASIC authentication response
Date Thu, 20 Jul 2006 10:52:35 GMT
Zohar wrote:
> Hello list,
> I'm using BASIC authentication with tomcat 5.5 and I wanted to know whether it is possible
to return some text when the user login fails (e.g. "you typed in the wrong password"). Is
it?

Short answer: no.

This sort of behaviour is generally a bad idea as it gives a potential
attacker too much information. For example, that they have a valid
user name but the password is wrong.

Mark

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message