> With the current setup, the client cannot tell if the 401 is due to
> the user not existing, or an incorrect password.
I'm sure this is by design. It's a serious security flaw to allow an
attacker to know the difference between "unknown user" and "incorrect
password".
--
Harald Koch <[EMAIL PROTECTED]>
"It takes a child to raze a village."
-Michael T. Fry
_______________________________________________
jdev mailing list
[EMAIL PROTECTED]
http://mailman.jabber.org/listinfo/jdev
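The behaviour the reply defends, as an added example that is not part of the original message or of any Jabber server's code: a login check that returns the same 401 for an unknown user and for a wrong password, and does the same hashing work on both paths so response time does not reveal the difference. The user store, names, passwords and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

# Assumption: kept low so the example runs quickly; tune upward for real use.
ITERATIONS = 50_000


def _derive(password: str, salt: bytes) -> bytes:
    """Derive a password hash with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_record(password: str) -> tuple:
    """Return (salt, hash) for storage."""
    salt = os.urandom(16)
    return salt, _derive(password, salt)


# Constructed sample user store (hypothetical account and password).
USERS = {"juliet": make_record("correct horse")}

# Record used when the account does not exist, so the unknown-user path
# performs the same key derivation as the wrong-password path.
_DUMMY = make_record(os.urandom(16).hex())

# One response for every failure: the client cannot tell the causes apart.
GENERIC_FAILURE = (401, "Unauthorized")


def authenticate(username: str, password: str) -> tuple:
    record = USERS.get(username)
    salt, expected = record if record is not None else _DUMMY
    candidate = _derive(password, salt)
    # Constant-time comparison avoids leaking how many bytes matched.
    matches = hmac.compare_digest(candidate, expected)
    # Success requires both a real account and a matching hash.
    if record is not None and matches:
        return (200, "OK")
    return GENERIC_FAILURE


if __name__ == "__main__":
    print(authenticate("juliet", "correct horse"))  # valid login
    print(authenticate("juliet", "wrong"))          # wrong password
    print(authenticate("romeo", "wrong"))           # unknown user
```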
