Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make invalid credentials less informative #59

Closed
fmigneault opened this issue Jun 8, 2018 · 3 comments
Closed

Make invalid credentials less informative #59

fmigneault opened this issue Jun 8, 2018 · 3 comments
Assignees
@fmigneault
Labels
enhancement Improvements in term of performance or behaviour

Comments

@fmigneault
Copy link
Collaborator

  • No specific invalid user/password, just a single generic "invalid credentials".
  • Display with banner.

As discussed in meeting: https://www.crim.ca/confluence/pages/viewpage.action?pageId=21761637
@fmigneault fmigneault added the enhancement Improvements in term of performance or behaviour label Jun 8, 2018
@fmigneault fmigneault self-assigned this Jun 8, 2018
@dbyrns
Copy link
Contributor

dbyrns commented Jun 8, 2018

@huard : We discussed about that in a meeting (see ref) and we agreed that telling specifically that a user doesn't exist could be exploited. The good practice is to tell that a user/password combinaison isn't correct. This way someone cannot guess first a valid user and then guess it's password. If you want to see that in action try to log to github with an invalid username. It will never let you know that this user doesn't exist.

@huard
Copy link
Contributor

huard commented Jun 8, 2018

Got it. As long as the message is clear, I'm good. E.g "Your login information is incorrect, check your username and password."

@fmigneault fmigneault mentioned this issue Jun 8, 2018
Closed
fmigneault pushed a commit that referenced this issue Jun 12, 2018
@fmigneault-crim
adjust error usr/pwd display (issue #59)
6fd309c
@fmigneault fmigneault mentioned this issue Jun 13, 2018
Merged
fmigneault pushed a commit that referenced this issue Jun 15, 2018
@fmigneault-crim
adjust error usr/pwd display (issue #59)
bc3d2a0
fmigneault pushed a commit that referenced this issue Jun 19, 2018
@fmigneault-crim
adjust error usr/pwd display (issue #59)
36365ce
fmigneault pushed a commit that referenced this issue Jun 20, 2018
@fmigneault-crim
adjust error usr/pwd display (issue #59)
5e79f24
@fmigneault
Copy link
Collaborator Author

resolved via PR #64

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fmigneault fmigneault

Labels
enhancement Improvements in term of performance or behaviour
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@huard @dbyrns @fmigneault