On 24-4-2016 13:54, Alex Peshkoff wrote:
> On 04/24/2016 11:32 AM, Mark Rotteveel wrote:
>> It looks like Firebird 3 rejects the login attempt if the user exists
>> for a plugin, but the provided password is wrong. I thought that this
>> would continue authentication with the next plugin, but it doesn't.
>>
>> Is that intentional?
>
> Yes.

What is the reasoning behind this? As I said, it discloses existence of 
the user because it stops authentication early. It also leads to a very 
inconsistent user experience.

Mark
-- 
Mark Rotteveel

------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel

Reply via email to