On 24-4-2016 13:54, Alex Peshkoff wrote: > On 04/24/2016 11:32 AM, Mark Rotteveel wrote: >> It looks like Firebird 3 rejects the login attempt if the user exists >> for a plugin, but the provided password is wrong. I thought that this >> would continue authentication with the next plugin, but it doesn't. >> >> Is that intentional? > > Yes.
What is the reasoning behind this? As I said, it discloses existence of the user because it stops authentication early. It also leads to a very inconsistent user experience. Mark -- Mark Rotteveel ------------------------------------------------------------------------------ Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
