tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <>
Subject Re: BASIC authentication response
Date Thu, 20 Jul 2006 10:52:35 GMT
Zohar wrote:
> Hello list,
> I'm using BASIC authentication with tomcat 5.5 and I wanted to know whether it is possible
to return some text when the user login fails (e.g. "you typed in the wrong password"). Is

Short answer: no.

This sort of behaviour is generally a bad idea as it gives a potential
attacker too much information. For example, that they have a valid
user name but the password is wrong.


To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message