Agreed, however I'd like to at least say "The username and/or password you
entered was not recognized".
> From: Ged Haywood <[EMAIL PROTECTED]>
> Date: Tue, 21 Aug 2001 00:36:33 +0100 (BST)
> To: David Young <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
> Subject: Re: AuthCookie access denied messages
>
> It's generally considered a security hole to report things like
> "invalid user id" to a user who fails to get a login, because when he
> finally gets "invalid password" he knows he's got a valid user id...
>
> 73,
> Ged.
