On Sun, 18 Feb 2001 Jeffry Houser <[EMAIL PROTECTED]> writes:
>   One theory on security is that you should not tell the user the 
> reason you could not verify their information.
>    "Aha, says the hacker.  I just found out a valid username."

I enjoyed the book "GUI Bloopers" by another Jeff, Jeff Johnson.  But I
disagree with him when he writes that users *should* be told which part
of their login attempt has failed.  I'm colored by my years of work for
the U.S. Department of Defense.  The less revealed, the better.  (As we
programmers say, "Life would be easier without those users.")

-David
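A login check that applies the policy David describes, as an added example (Python rather than ColdFusion, and not code from this thread): one generic failure message whether the username or the password was wrong, plus a dummy hash computation for unknown usernames so that response time does not leak what the message withholds. The user store, salts and passwords are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Tuple

_ITERATIONS = 50_000  # PBKDF2 work factor; constructed value for the example


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)


def make_user_record(password: str) -> Tuple[bytes, bytes]:
    """Return (salt, hash) for storing a password; a fresh random salt per user."""
    salt = os.urandom(16)
    return salt, _hash_password(password, salt)


# Constructed sample user store: username -> (salt, pbkdf2 hash).
USERS = {
    "alice": make_user_record("correct horse battery staple"),
}

# Salt/hash used when the username is unknown, so the unknown-user path does
# the same amount of hashing work as the known-user path (no timing tell).
_DUMMY_SALT, _DUMMY_HASH = make_user_record("dummy-password-never-accepted")

GENERIC_FAILURE = "Invalid username or password."


def login(username: str, password: str) -> Tuple[bool, str]:
    """Return (success, message).

    The failure message is identical for an unknown username and a wrong
    password, so a caller cannot learn which half of the attempt failed.
    """
    salt, expected = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    candidate = _hash_password(password, salt)
    # Constant-time comparison: no early exit on the first differing byte.
    matched = hmac.compare_digest(candidate, expected)
    # The membership check stops the dummy record from ever granting access.
    if matched and username in USERS:
        return True, "Welcome, %s." % username
    return False, GENERIC_FAILURE
```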
Archives: http://www.mail-archive.com/[email protected]/