Re: [Postfixadmin-devel] Security issue of error message while login failed

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Zhang Huangbin wrote:
> Hi, all.
> 
> PostfixAdmin shows 'username is not correct' or 'password is not
> correct' while login failed, is it safe? Because i can use it to guess
> what user you have.
> 
> Why not change them to same message: 'Username or password is not
> correct'?
> 
> Thanks for your hard work.
> 

Hi,

I understand the issue, however it is a useful feature to say "username
incorrect" or "password incorrect" etc (at least the user has some idea
of what they did wrong!).

Does anyone else want to <insert 2cents> ? If not, I'll change it as per
the suggestion within the next week....

David.

- --
David Goodwin

[ david at codepoets dot co dot uk ]
[ http://www.codepoets.co.uk       ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJBY3w/ISo3RF5V6YRAgadAKCEnmmrav4yB0l6rlY9whPhZNhO2gCfYQZS
iAhOvdZMXx5ho4lDpuL1qYY=
=tS4S
-----END PGP SIGNATURE-----