search

bo-yang / plan9front

Automatically exported from code.google.com/p/plan9front
0 stars 0 forks source link

auth error messages suck #72

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
auth error messages are usually completely useless and unrelated to the real 
problem, sometimes even garbled; we could as well replace them with "?" or 
similar.

Original issue reported on code.google.com by a...@phicode.de on 17 Jul 2011 at 7:42

GoogleCodeExporter commented 9 years ago 
i think this is on purpose. for security reasons :)

authsrv for example makes bogus auth tokens so an attacker can't 
figure out if a user exists.

it would be good to isolate the cases and see if we have a chance
improving the situation without compromising security.

Original comment by cinap_le...@felloff.net on 27 Aug 2011 at 6:03

GoogleCodeExporter commented 9 years ago

Original comment by cinap_le...@felloff.net on 4 Nov 2011 at 11:06