|
Posted by Schmidty on 01/12/07 16:58
Okay I answered my own question "How would I validate and reply with an
error message if the right username with wrong password came up?" It
was pretty simple fix. At the end of the function 'auth()' I put the
line 'echo "ERROR";'. I might even add a function at this point to send
an email to the actual user indicating that someone tried to log-on
using their username with an invalid password!
Gordon Burditt wrote:
> >How would I validate and reply with an error message if 'the right
> >username with wrong password' came up? Thanks...
>
> You shouldn't have a different error message for the cases:
> right username with the wrong password
> vs.
> wrong username with any password at all
>
> If you do, you're giving away which usernames are correct.
[Back to original message]
|