Jump to content

Feature reg: tell user if he doesnt exist ;)


Recommended Posts

It is widely considered to be very poor security practice to indicate for a failed login which aspect of the details is incorrect. As a general rule, no properly secured application will ever tell you whether it was the user name or password which is incorrect.

My personal opinion is that it is unlikely you'll ever see this.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...