Closed GoogleCodeExporter closed 8 years ago
I don't think so, its common usage to show some details if either username is
wrong, not found or password is wrong.
To protect against DDO or brut force attacks you should use different methods
then obfuscate the error message, for example you only allow 3 attempts to
login within 15 minutes.
Original comment by seba.wag...@gmail.com
on 1 Dec 2011 at 8:36
Original issue reported on code.google.com by
asanju...@gmail.com
on 30 Nov 2011 at 7:25