> Do others consider this a vulnerability? Yup... especially given the hard-coded (sigh) error page returned for authentication error gives out this information :-( Chris