From 5506f1c27906ba8b704a41ed4fdcf36e1a29a05b Mon Sep 17 00:00:00 2001
From: soylentmean <soylentmean@4033779f-a91e-0410-96ef-6bf7bf53c507>
Date: Tue, 6 Jan 2009 20:19:22 +0000
Subject: [PATCH] Fixing wording a smidge.

git-svn-id: http://webgoat.googlecode.com/svn/trunk@372 4033779f-a91e-0410-96ef-6bf7bf53c507
---
 .../RoleBasedAccessControl/RoleBasedAccessControl.java      | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java
index af60b8677..f2cfe51b0 100644
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java
@@ -141,9 +141,9 @@ public class RoleBasedAccessControl extends GoatHillsFinancial
 			if (STAGE1.equals(stage))
 			{
 				instructions = "Stage 1: Bypass Presentational Layer Access Control.<br>"
-						+ "As regular employee 'Tom', exploit weak access control to use the Delete function from the Staff List page.  "
-						+ "Verify that Tom's profile can be deleted."
-						+ "The password for a user is always their first name.";
+						+ "As regular employee 'Tom', exploit weak access control to use the Delete function from the Staff List page. "
+						+ "Verify that Tom's profile can be deleted. "
+						+ "The passwords for users are their given names in lowercase (e.g. the password for Tom Cat is \"tom\").";
 			}
 			else if (STAGE2.equals(stage))
 			{