ly.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65635
On Fri, Oct 15, 2021 at 2:01 PM Mark Thomas wrote:
> On 15/10/2021 07:05, Werner Dähn wrote:
>
>
>
> > So why has this not been done? What am I missing?
>
> Accepted security good practice is not to provide any inform
I know it has been asked dozens of times but the response is always "Cannot
be done in a standard way".
But why can't we change Tomcat to provide further details to the error page
of why the login failed?
I would have thought tomcat can support that easily without any backward
compatibility