Owdy Posted August 10, 2011 Share Posted August 10, 2011 If i try to log in with acoount what is deleted, login screen says justUsername or password incorrect. How about:Username "****" doesn't exist in our database or something? Link to comment Share on other sites More sharing options...
Mat B Posted August 11, 2011 Share Posted August 11, 2011 It is widely considered to be very poor security practice to indicate for a failed login which aspect of the details is incorrect. As a general rule, no properly secured application will ever tell you whether it was the user name or password which is incorrect. My personal opinion is that it is unlikely you'll ever see this. Link to comment Share on other sites More sharing options...
Owdy Posted August 11, 2011 Author Share Posted August 11, 2011 You have a valid point. Maybe its betters this way. Link to comment Share on other sites More sharing options...
bfarber Posted August 11, 2011 Share Posted August 11, 2011 Previous versions of IP.Board showed a different error message if the username was invalid vs if the password was invalid. For the reasons Mat is stating above (poor security practice) we changed this in late 2.x or early 3.x releases. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.