From: Adam R. <ad...@ex...> - 2010-11-15 17:37:14
|
>> Auto-complete for usernames > > I know biblio is just a demo....but this smells of a serious security flaw to me, if the description > is indicative of what I think it is. Yes it is what it says it is. Whilst I agree that you should not volunteer information, on the flip side - Never EVER consider your username as a secure artifact or a mechanism for authentication, almost every large network that I have authenticated with makes use of a username scheme that can easily be guessed or mined. e.g. firstname.lastname (adam.retter) or initiallastname (aretter) or worse an email address e.g. (ada...@go... or ad...@ex...). So... IMHO... Usernames are not secure information! > Just sayin'.... Likewise ;-) > -- > Andrzej Taramina > Chaeron Corporation: Enterprise System Solutions > http://www.chaeron.com > -- Adam Retter eXist Developer { United Kingdom } ad...@ex... irc://irc.freenode.net/existdb |