[horde] Authentication Failure Notification
Rob MacGregor
rob.macgregor at gmail.com
Thu Dec 4 12:25:39 UTC 2008
On Thu, Dec 4, 2008 at 07:59, Tahir Riaz <tahiriaz at comsats.net.pk> wrote:
>
> Respected Sir,
> This is the 3 rd time I am posting this question in hope to get some solution. I can login to imp perfectly. everything is working fine just when a users login and do not provide a correct username and password he is redirected back to the login page and there is no notification that his login has failed. There must be some kind of notification that why he caannot login.
Why? Most systems these days don't differentiate between invalid
usernames and wrong passwords to make an attackers life harder. How
much easier it is for them if they receive "Incorrect Username" when
the username is wrong and "Invalid Password" if the password is wrong
but the user exists, now they know which accounts to attack.
> I am using the latest stable version of horde grouware webmail and using imp for authentication.
Generally it's better to provide version numbers are your idea of the
latest stable may differ from what others believe.
--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche
More information about the horde
mailing list