Small Bug

To: hurd-bugs@gnu.org
Cc: debian-hurd@lists.debian.org
Subject: Small Bug
From: "Alan P. Laudicina" <alanp@linux.com>
Date: Wed, 23 Feb 2000 12:58:27 -0800
Message-id: <20000223125827.A26710@linux.com>

login> login alanp
login: alanp: Unknown user
login> login alan
Password:

This isn't a good idea security-wise.  Instead of the 'User
Unknown' error, it should just ask for the password and error
out with an Invalid Password error.  The way it is setup now
it could be used to guess login names, which is pretty much the
reason that most ftpds ask for a password if there is no such
username on the system anyways, now.

Thanks,
Alan P. Laudicina

-- 
|          Alan P. Laudicina / alanp@linux.com          |
|  http://corp.linux.com  /  http://www.unixpower.org   |
| "You can get more with a kind word and a gun than you |
| can with a kind word alone." - Al Capone (1899-1947)  |

Reply to:

Prev by Date: Re: Another User!
Next by Date: Re: Another User!
Previous by thread: Re: A stable setup
Next by thread: Re: Small Bug
Index(es):
- Date
- Thread