Invision Community 4: SEO, prepare for v5 and dormant account notifications Matt November 11, 2024Nov 11
Posted August 10, 201113 yr If i try to log in with acoount what is deleted, login screen says justUsername or password incorrect. How about:Username "****" doesn't exist in our database or something?
August 11, 201113 yr It is widely considered to be very poor security practice to indicate for a failed login which aspect of the details is incorrect. As a general rule, no properly secured application will ever tell you whether it was the user name or password which is incorrect. My personal opinion is that it is unlikely you'll ever see this.
August 11, 201113 yr Previous versions of IP.Board showed a different error message if the username was invalid vs if the password was invalid. For the reasons Mat is stating above (poor security practice) we changed this in late 2.x or early 3.x releases.
Archived
This topic is now archived and is closed to further replies.