On 04/24/2016 11:32 AM, Mark Rotteveel wrote:
> It looks like Firebird 3 rejects the login attempt if the user exists
> for a plugin, but the provided password is wrong. I thought that this
> would continue authentication with the next plugin, but it doesn't.
>
> Is that intentional?

Yes.

> This leaks information about the existence of a user (it exists in
> plugin x).
>
> Mark


------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel

Reply via email to