You are on issue re: information and facts leakage, and this should be a vital consideration for any person rolling their own individual authentication/authorization plan. +1 for mentioning OWASP. This is as simple as it gets, but could be incriminating when there is even a slight slip-up. A malicious http://pigpgs.com