privacy: don't tell users what is the reason for a failed login Makes it harder for strangers to probe the instance for presence of certain users. This can ...
andrewsh committed on 2015-05-16 15:03:51
branch: default tag: tip changeset: b75f1d07 privacy: don't tell users what is the reason for a failed login Makes it harder for strangers to probe the instance for presence of certain users. This can make it harder to break in, as it is now harder to tell is a username or a password are wrong, so bruteforcing should probably take a bit longer if you don't know what exactly are you doing. M kallithea/model/validators.py (5 lines added, 8 lines removed) M kallithea/tests/__init__.py (1 lines added, 1 lines removed) M kallithea/tests/functional/test_login.py (2 lines added, 4 lines removed) |
_______________________________________________ kallithea-general mailing list [email protected] http://lists.sfconservancy.org/mailman/listinfo/kallithea-general
