|
Posted by Gordon Burditt on 01/12/07 23:57
>Okay I answered my own question "How would I validate and reply with an
>error message if the right username with wrong password came up?" It
>was pretty simple fix. At the end of the function 'auth()' I put the
>line 'echo "ERROR";'. I might even add a function at this point to send
>an email to the actual user indicating that someone tried to log-on
>using their username with an invalid password!
In other words, you're going to allow your site to be used as a weapon
to mail-bomb your users? This is NOT a good idea unless you've got strict
limits on how often you can send that email (e.g. once every 24 hours max,
and even that's very annoying).
>
>Gordon Burditt wrote:
>> >How would I validate and reply with an error message if 'the right
>> >username with wrong password' came up? Thanks...
>>
>> You shouldn't have a different error message for the cases:
>> right username with the wrong password
>> vs.
>> wrong username with any password at all
>>
>> If you do, you're giving away which usernames are correct.
>
[Back to original message]
|