 Posted by Schmidty on 01/15/07 17:54 
You're right, that would not be good for my users!! 
 
Gordon Burditt wrote: 
> >Okay I answered my own question "How would I validate and reply with an 
> >error message if the right username with wrong password came up?" It 
> >was a pretty simple fix. At the end of the function 'auth()' I put the 
> >line 'echo "ERROR";'. I might even add a function at this point to send 
> >an email to the actual user indicating that someone tried to log-on 
> >using their username with an invalid password! 
> 
> In other words, you're going to allow your site to be used as a weapon 
> to mail-bomb your users?  This is NOT a good idea unless you've got strict 
> limits on how often you can send that email (e.g. once every 24 hours max, 
> and even that's very annoying). 
> 
> > 
> >Gordon Burditt wrote: 
> >> >How would I validate and reply with an error message if 'the right 
> >> >username with wrong password' came up? Thanks... 
> >> 
> >> You shouldn't have a different error message for the cases: 
> >> 	right username with the wrong password 
> >> vs. 
> >> 	wrong username with any password at all 
> >> 
> >> If you do, you're giving away which usernames are correct. 
> >
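
The two points made in this thread (one error reply for both failure cases, and a hard limit on the notification email) can be combined as in the following added example, which is not code from any poster. The account store, `notify_owner()`, the dummy hash and the 24-hour constant are assumptions made for illustration.

```php
<?php
// Added example: all names and sample data below are constructed for illustration.
const NOTIFY_INTERVAL = 86400; // at most one alert per account per 24 hours

// Constructed account store: username => password hash.
$users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
// Verified against when the username is unknown, so both failure paths do similar work.
$dummyHash = password_hash('placeholder', PASSWORD_DEFAULT);
// Last alert time per username and a log of alerts "sent" (stand-in for mail()).
$state = ['last' => [], 'outbox' => []];

function notify_owner(string $user, array &$state, int $now): bool
{
    if (isset($state['last'][$user]) && $now - $state['last'][$user] < NOTIFY_INTERVAL) {
        return false; // already alerted inside the window: send nothing
    }
    $state['last'][$user] = $now;
    $state['outbox'][] = "failed login alert for $user"; // mail() would go here
    return true;
}

function auth(string $user, string $pass, array $users, string $dummyHash,
              array &$state, int $now): string
{
    $known = isset($users[$user]);
    $ok = password_verify($pass, $known ? $users[$user] : $dummyHash);
    if ($known && $ok) {
        return 'OK';
    }
    if ($known) {
        notify_owner($user, $state, $now); // throttled, and invisible to the caller
    }
    return 'ERROR'; // same reply for wrong password and for unknown username
}

$now = time();
// Ten bad passwords in a row for a real account, then one unknown username.
for ($i = 0; $i < 10; $i++) {
    $reply = auth('alice', "guess$i", $users, $dummyHash, $state, $now + $i);
}
$unknown = auth('mallory', 'guess', $users, $dummyHash, $state, $now);
echo "real user, wrong password: $reply\n";
echo "unknown user:              $unknown\n";
echo "alerts sent:               " . count($state['outbox']) . "\n";
```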
 
  