Suggestion: Login page
-
Security issue:
The login page should _not be_ so specific as to which is incorrect, the username or password. As of 1.5.1.3, it very kindly makes that distinction and so makes it easier to break in.
I have modified my version to just say “Invalid username or password”, irrespective of which of the two is incorrect.
Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)
- The topic ‘Suggestion: Login page’ is closed to new replies.