[thesite] aeo: login page, security risk?

Garrett Coakley garrett at polytechnic.co.uk
Wed Aug 29 17:32:38 CDT 2001


I think I've mentioned this on #evolt before, but I thought I'd throw it
out on here and see what everyone else's opinion is.

At present the login page on aeo has a drop-down box with a list of
usernames of all the people authorised to access aeo. I would view that
as a "bad thing", and think it would be much better to just have the
standard User/Password input boxes.

For someone trying to break into any system, getting the username is
half the battle. This is why on *nix systems any incorrect login attempt
just returns "Login Incorrect" without any clue as to whether the
username or password was wrong.

So that's my feeling, what about everyone else?

G.


-- 
----------------------------------------------------------------------------
WORK: http://spiked.co.uk/
PLAY: http://polytechnic.co.uk/
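
The "Login Incorrect" behaviour described in the message above, as an added example that is not part of the original post and is not aeo's code: a login check that reveals which field was wrong, next to one that gives the same reply and does the same hashing work for known and unknown usernames. The account store, function names and PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user(password: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


# Constructed sample account store: username -> (salt, password hash).
USERS = {"alice": make_user("correct horse")}

# Dummy record so unknown usernames cost the same hashing work as known ones.
DUMMY_SALT, DUMMY_HASH = make_user("placeholder-not-a-real-account")

GENERIC_ERROR = "Login incorrect"


def leaky_login(username: str, password: str) -> str:
    """Anti-pattern: the reply tells the caller which field was wrong."""
    if username not in USERS:
        return "Unknown user"
    salt, stored = USERS[username]
    if not hmac.compare_digest(hash_password(password, salt), stored):
        return "Wrong password"
    return "OK"


def uniform_login(username: str, password: str) -> str:
    """Same reply and same hashing work whether or not the username exists."""
    salt, stored = USERS.get(username, (DUMMY_SALT, DUMMY_HASH))
    candidate = hash_password(password, salt)
    password_ok = hmac.compare_digest(candidate, stored)
    # The dummy record can never authenticate: the username must also exist.
    if username in USERS and password_ok:
        return "OK"
    return GENERIC_ERROR
```

A drop-down of valid usernames gives away the same information as `leaky_login`, without the caller having to guess.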



