August 10, 2011 in Feedback
If i try to log in with acoount what is deleted, login screen says just
Username or password incorrect.
Username "****" doesn't exist in our database
It is widely considered to be very poor security practice to indicate for a failed login which aspect of the details is incorrect. As a general rule, no properly secured application will ever tell you whether it was the user name or password which is incorrect.
My personal opinion is that it is unlikely you'll ever see this.
You have a valid point. Maybe its betters this way.
Previous versions of IP.Board showed a different error message if the username was invalid vs if the password was invalid. For the reasons Mat is stating above (poor security practice) we changed this in late 2.x or early 3.x releases.
This topic is now archived and is closed to further replies.
Started Yesterday at 06:25 AM
Started 2 hours ago
Started November 13