jeremykendall / slim-auth

Authorization and authentication for the Slim Framework using ZF2 Authentication and Acl components
MIT License
244 stars 38 forks

PdoAdapter line 85. Revealing message 'User not found' #2

dannil76 closed 10 years ago

dannil76 commented 10 years ago

Should this message be deleted, as it can be misused by hackers?

jeremykendall commented 10 years ago

Hey @dannil76, thanks for the issue. You would be absolutely correct if that were a message intended for display to the end user. In this case, that message and failure code are intended for internal use only. With that being the case, that failure code and message should stay.

Someone using this library in their code could choose to display that message as an error for the end user, but, as you pointed out, that would be an extremely bad practice. I hope implementers are wise enough to display a generic message.
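
The handling discussed in this thread, as an added example that is not part of the thread or of slim-auth: the adapter's failure code and message go to the server log, and every failure produces the same response for the end user. It assumes `zendframework/zend-authentication` is installed via Composer; `presentLoginResult()`, the response shape, and the second sample message are hypothetical.

```php
<?php
// Added example, not slim-auth code. Assumes zendframework/zend-authentication
// is installed via Composer; presentLoginResult() is a hypothetical helper.
require __DIR__ . '/vendor/autoload.php';

use Zend\Authentication\Result;

const GENERIC_FAILURE = 'Invalid username or password.';

/**
 * Turn an adapter Result into what the end user sees.
 * Every failure code maps to the same status and text; the adapter's own
 * code and messages are passed to the logger only.
 */
function presentLoginResult(Result $result, callable $log): array
{
    if ($result->isValid()) {
        return ['status' => 200, 'message' => 'Signed in.'];
    }

    // Internal detail for operators: failure code plus adapter messages.
    $log(sprintf(
        'auth failure code=%d messages=%s',
        $result->getCode(),
        json_encode($result->getMessages())
    ));

    return ['status' => 401, 'message' => GENERIC_FAILURE];
}

// Constructed sample results, shaped like what an adapter returns.
$notFound = new Result(Result::FAILURE_IDENTITY_NOT_FOUND, null, ['User not found']);
$badPassword = new Result(
    Result::FAILURE_CREDENTIAL_INVALID,
    null,
    ['Invalid credential (constructed message)']
);

$logged = [];
$log = function (string $line) use (&$logged) {
    $logged[] = $line;
};

$a = presentLoginResult($notFound, $log);
$b = presentLoginResult($badPassword, $log);

var_dump($a === $b); // the two failures are indistinguishable to the client
print_r($logged);    // the distinction survives in the log only
```

In a real application the logger would be the application's own (for example a PSR-3 logger) rather than an array.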