Web Security?

Thread: Web Security?

  1. #1
    Senior Member
    Join Date
    Sep 2003
    Posts
    137

    Web Security?

    Hey all,

    Just pondering. I failed a login attempt today on accident and found that the AO site gives me a wrong password error. Then I figured what the heck, "I wonder if it gives a failed password error?". To my surprise it does.

    Just wondering if anyone has noticed that before? Seeing how AO is a security site to give the "best practice" approach to network security. Anyone see this as an oxymoron considering AO (we) are a security site that prides ourselves in doing the right thing..lol

    Please do not take this out of context....just wondering if that can be fixed..lol
    "Common Sense, isn't that common"
    "It is a lot easier to raise a child than it is to repair an adult"
    -Kruptos

  2. #2
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    Let me get this straight.... You think it's a problem that AO tells you you've entered an incorrect password?

    Why?!?

    Scenario 1:
    User Sends: Incorrect password
    User Receives: ERROR: Bad Password

    Scenario 2:
    User Sends: Incorrect username
    User Receives: ERROR: Bad Username

    Scenario 3:
    User Sends: Incorrect username or password
    User Receives: ERROR: Login Incorrect

    You feel that Scenario 3 is the way to go??? I love when I see security policies like this or people that mention this is bad security.

    AO is a public forum.... Anyone can view your username... So if I enter your username and a password... I'm either logged in or it's a bad password... Do you really think that changing the error message provides a level of security greater than already exists? Someone will fail a log in and go oh... it must be the wrong password.. it really doesn't matter what the message says... It's common sense...

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  3. #3
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,429
    At least it doesn't say "bad username" when you enter a correct password for an incorrect username
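
Added example, not part of any post in this thread and not AO's code: a minimal Python login check that produces the three responses listed in post #2 and tests whether a failed login answers differently for an existing and a non-existent username. The account store, the function names and the `public_usernames` parameter are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def _hash(password, salt):
    # Low iteration count keeps the demo fast; it is not a production setting.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def make_store(accounts):
    """Build a constructed account store: username -> (salt, password hash)."""
    store = {}
    for user, password in accounts.items():
        salt = os.urandom(16)
        store[user] = (salt, _hash(password, salt))
    return store

# Dummy record: unknown usernames do the same hashing work as known ones,
# so response time does not answer what the message withholds.
_DUMMY_SALT = os.urandom(16)
_DUMMY = (_DUMMY_SALT, _hash("placeholder", _DUMMY_SALT))

def login(store, user, password, generic=False):
    """generic=False answers as in scenarios 1 and 2, generic=True as in scenario 3."""
    known = user in store
    salt, expected = store.get(user, _DUMMY)
    match = hmac.compare_digest(_hash(password, salt), expected)
    if known and match:
        return True, "OK"
    if generic:
        return False, "ERROR: Login Incorrect"
    message = "ERROR: Bad Password" if known else "ERROR: Bad Username"
    return False, message

def reveals_existence(store, known_user, unknown_user, generic):
    """True when a failed login answers differently for a real and an unknown name."""
    _, for_known = login(store, known_user, "wrong-guess", generic)
    _, for_unknown = login(store, unknown_user, "wrong-guess", generic)
    return for_known != for_unknown

def discloses_new_info(store, public_usernames, known_user, unknown_user, generic):
    """Does the form reveal an account that the site does not already list publicly?"""
    if known_user in public_usernames:
        return False  # the member list already shows this account exists
    return reveals_existence(store, known_user, unknown_user, generic)

if __name__ == "__main__":
    store = make_store({"alice": "s3cret"})  # constructed sample account
    for generic in (False, True):
        print(generic, login(store, "alice", "bad", generic),
              login(store, "nobody", "bad", generic))
```

When the username is in the public list, as post #2 describes for AO, `discloses_new_info` returns False in either mode; with an empty public list, only the scenario 3 message keeps it False.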
