PerlMonks  

Re: Does fatalsToBrowser give too much information to a cracker?

by Ryszard (Priest)
on Apr 10, 2002 at 11:25 UTC ( [id://157996]=note )


in reply to Does fatalsToBrowser give too much information to a cracker?

IMO any unnecessary information is too much information.

For logging-in type applications, I don't even relay explicitly which out of username or password is incorrect. Just tell the user to enter it again.

If you have a production application that may fail, I personally don't see any good in reporting the error to a user, and having the user feed back the error...

I think better style may be to write a die handler, issue a generic page, log the error, and send an alert via pager/email/whatever suits.

Even though the user may be faced with a nondescript page, which may be frustrating, they won't be faced with an "interpreter" level error message (less professional). Lesser of two evils...

I generally program by the philosophy: hide all errors, and report back generic stuff only. No version numbers, no OS / external app error messages, nothing. The user is there to use the application, not understand the engine.

Draconian, yes.
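
A sketch of the die handler the post above describes, added here as an example and not code from the post or its author: the full error goes to a server-side log with a reference id, and the browser gets only a generic page. The log path, the `APP_ERROR_LOG` variable and the helper names are assumptions made for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX qw(strftime);

# Assumed path for this sketch; keep the log outside the web root.
my $ERROR_LOG = $ENV{APP_ERROR_LOG} || '/var/log/myapp/error.log';

# Random reference shown to the user and written beside the real error,
# so support can find the log entry without the user seeing any detail.
sub incident_id { return sprintf '%08x', int(rand(0xFFFFFFFF)) }

# Full detail goes to the server-side log only.
sub log_error {
    my ($id, $err) = @_;
    $err =~ s/[\r\n]+/ | /g;    # keep each entry on one line
    my $line = sprintf "%s [%s] %s %s\n",
        strftime('%Y-%m-%dT%H:%M:%SZ', gmtime), $id,
        $ENV{REMOTE_ADDR} || '-', $err;
    if (open my $fh, '>>', $ERROR_LOG) {
        print {$fh} $line;
        close $fh;
    }
    else {
        print STDERR $line;     # fall back to the web server's error log
    }
}

# What the browser gets: no message text, file path, line or version.
sub generic_page {
    my ($id) = @_;
    return "Status: 500 Internal Server Error\r\n"
         . "Content-Type: text/html; charset=utf-8\r\n\r\n"
         . "<html><body><h1>Sorry, something went wrong</h1>"
         . "<p>Please try again later. Reference: $id</p></body></html>\n";
}

$SIG{__DIE__} = sub {
    my ($err) = @_;
    return if $^S;              # die inside eval {}: leave it to the caller
    my $id = incident_id();
    log_error($id, $err);
    # A pager or e-mail alert would be sent from here.
    print generic_page($id);
    exit 1;
};

# Constructed failure standing in for a real fault (e.g. a database error).
die "connect to 'orders' failed: access denied for user 'app'\n";
```

The reference id lets a user report the failure without seeing its cause; the detail stays in the log entry carrying the same id.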
