RE: [Acegisecurity-developer] knowledge of valid username but incorrect password

Wed, 07 Dec 2005 09:50:28 -0800 

Thanks Ray, I've looked into the code and this looks like the place to
start...I'm just a developer; orders take precedence over the evil-doers.


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Ray Krueger
Sent: Wednesday, December 07, 2005 9:58 AM
To: [email protected]
Subject: Re: [Acegisecurity-developer] knowledge of valid username but
incorrect password

You can set the hideUserNotFoundExceptions property on the
AuthenticationDaoProvider to false.

Keep in mind that you are giving hackers a hint by doing that though.
You are telling any potential evil-doers "Well, you guesed correctly
on a username, now just guess the password".

On 12/7/05, Trent <[EMAIL PROTECTED]> wrote:
> Currently we have ACEGI authenticating a web app. However I need to change
> some current behavior. Right now if a user enters a correct username but
> incorrect password the error is the same as a user passing an incorrect
> username. I need to find out how Acegi can notify the application that the
> username is correct but the password isn't. Could someone point me in the
> right direction on how to do this?
>
> Trent
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
> _______________________________________________
> Home: http://acegisecurity.org
> Acegisecurity-developer mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
>


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37&alloc_id865&op=ick
_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37&alloc_id865&op=click
_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

Reply via email to