-
Web Security?
Hey all,
Just pondering. I failed a login attempt today on accident and found that the AO site gives me a wrong password error. Then I figured what the heck, "I wonder if it gives a failed password error?". To my suprise it does.
Just wondering if anyone has noticed that before? Seeing how AO is a security site to give the "best practice" approach to network security. Anyone see this as a oximoron considering AO (we) are security site that prides ourselves in dong the right thing..lol
Please do not take this out of context....just wondering if that can be fixed..lol
-
Hey Hey,
Let me get this straight.... You think it's a problem that AO tells you you've entered an incorrect password?
Why?!?
Scenerio 1:
User Sends: Incorrect password
User Receives: ERROR: Bad Password
Scenerio 2:
User Sends: Incorrect username
User Receives: ERROR: Bad Username
Scenerio 3:
User Sends: Incorrect username or password
User Receives: ERROR: Login Incorrect
You feel that Scenerio 3 is the way to go??? I love when I see security policies like this or people that mention this is bad security.
AO is a public forum.... Anyone can view your username... So if I enter your username and a password... I'm either logged in or it's a bad password... Do you really think that changing the error message provides a level of security greater than already exists? Someone will fail a log in and go oh... it must be the wrong password.. it really doesn't matter what the message says... It's common sense...
Peace,
HT
-
At least it doesn't say "bad username" when you enter a correct password for an incorrect username :duh: