Invision Community 4: SEO, prepare for v5 and dormant account notifications By Matt November 11, 2024
Owdy Posted August 10, 2011 Posted August 10, 2011 If i try to log in with acoount what is deleted, login screen says justUsername or password incorrect. How about:Username "****" doesn't exist in our database or something?
Mat B Posted August 11, 2011 Posted August 11, 2011 It is widely considered to be very poor security practice to indicate for a failed login which aspect of the details is incorrect. As a general rule, no properly secured application will ever tell you whether it was the user name or password which is incorrect. My personal opinion is that it is unlikely you'll ever see this.
Owdy Posted August 11, 2011 Author Posted August 11, 2011 You have a valid point. Maybe its betters this way.
bfarber Posted August 11, 2011 Posted August 11, 2011 Previous versions of IP.Board showed a different error message if the username was invalid vs if the password was invalid. For the reasons Mat is stating above (poor security practice) we changed this in late 2.x or early 3.x releases.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.