Neseek77 / openmeetings

Automatically exported from code.google.com/p/openmeetings

User and password dialog #1582

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
In the user & password login dialog, if you enter a wrong user/password, it reports
user not found or password incorrect.
It is an insecure method because this information can be used for a brute force attack.
A generic dialog can be implemented, for example:
User or password incorrect.
Thanks

Original issue reported on code.google.com by asanju...@gmail.com on 30 Nov 2011 at 7:25

GoogleCodeExporter commented 8 years ago
I don't think so; it's common usage to show some details if either the username is
wrong, not found, or the password is wrong.
To protect against DDO or brute force attacks you should use different methods
than obfuscating the error message; for example, you only allow 3 attempts to
log in within 15 minutes.

Original comment by seba.wag...@gmail.com on 1 Dec 2011 at 8:36
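The two measures discussed in this thread are not mutually exclusive. The sketch below is an added example, not OpenMeetings code: it returns the same "User or password incorrect." message for an unknown user and a wrong password, and it enforces the 3-attempts-in-15-minutes limit per submitted username. The account store, function name and lockout message are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time
from collections import defaultdict, deque

MAX_ATTEMPTS = 3             # limit suggested in the thread
WINDOW_SECONDS = 15 * 60     # 15 minutes, as suggested in the thread
GENERIC_ERROR = "User or password incorrect."
LOCKED_ERROR = "Too many attempts. Try again later."   # assumed wording

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample account store: username -> (salt, password hash)
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}
# Dummy record so an unknown user costs the same hashing work as a known one
_DUMMY = (os.urandom(16), os.urandom(32))

# Failed-attempt timestamps per submitted username, known or not.
# A real service would bound this map and also rate-limit per client address.
_failures = defaultdict(deque)

def login(username, password, now=None):
    """Return (success, message); the message never reveals which field was wrong."""
    now = time.time() if now is None else now
    recent = _failures[username]
    # Forget failures that have aged out of the 15-minute window
    while recent and now - recent[0] >= WINDOW_SECONDS:
        recent.popleft()
    # Lock known and unknown names alike, so the lockout is not an oracle either
    if len(recent) >= MAX_ATTEMPTS:
        return False, LOCKED_ERROR
    salt, stored = USERS.get(username, _DUMMY)
    matches = hmac.compare_digest(_hash(password, salt), stored)
    if matches and username in USERS:
        recent.clear()
        return True, "OK"
    recent.append(now)
    return False, GENERIC_ERROR
```
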