Avoid hints for an invalid password attempt

jwasham / computer-science-flash-cards

Mini website for testing both general CS knowledge and enforce coding practice and common algorithm/data structure memorization.

Creative Commons Attribution Share Alike 4.0 International

8.46k stars 2.02k forks source link

Avoid hints for an invalid password attempt #26

Closed shivansh closed 7 years ago

shivansh commented 7 years ago

In case a (malicious) user gets a correct username, avoid showing hint for invalid password attempts as they can guide a brute force attack. This can be (somewhat) useful when the website is publicly hosted.

jwasham commented 7 years ago

Thanks!