DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18004>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18004 JDBCRealm.authenticate() eats SQLExceptions and should not ------- Additional Comments From [EMAIL PROTECTED] 2003-03-14 20:01 ------- The only place that the actual cause of such a problem should show up is in the log files -- telling the user what the actual problem was just opens your app up to security attacks. Good security design says that the result of an "are you authenticated" question is a yes or no, with no further information available to potential attackers. I'm not an active Tomcat committer at the moment, but I strongly argue for a WONTFIX resolution on this one. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
