[horde] Authentication Failure Notification

Rob MacGregor rob.macgregor at gmail.com
Thu Dec 4 12:25:39 UTC 2008


On Thu, Dec 4, 2008 at 07:59, Tahir Riaz <tahiriaz at comsats.net.pk> wrote:
>
>  Respected Sir,
>              This is the 3 rd time I am posting this question in hope to get some solution. I can login to imp perfectly. everything is working fine just when a users login and do not provide a correct username and password he is redirected back to the login page and there is no notification that his login has failed. There must be some kind of notification that why he caannot login.

Why?  Most systems these days don't differentiate between invalid
usernames and wrong passwords to make an attackers life harder.  How
much easier it is for them if they receive "Incorrect Username" when
the username is wrong and "Invalid Password" if the password is wrong
but the user exists, now they know which accounts to attack.

> I am using the latest stable version of horde grouware webmail and using imp for authentication.

Generally it's better to provide version numbers are your idea of the
latest stable may differ from what others believe.

-- 
                 Please keep list traffic on the list.

Rob MacGregor
      Whoever fights monsters should see to it that in the process he
        doesn't become a monster.                  Friedrich Nietzsche


More information about the horde mailing list