Re: [vchkpw] vpopmaild - errors on login
- Original Message - I see you have different error messages during login for: invalid email address user does not exist invalid password It might be better to return the same message for all so the hostile hacker can't learn as much about your users. Good point. I'd suggest - ERR XXX Login invalid to stdout and detailed info to syslog Solt
Re: [vchkpw] vpopmaild - errors on login
Marcin Soltysiak wrote: - Original Message - I see you have different error messages during login for: invalid email address user does not exist invalid password It might be better to return the same message for all so the hostile hacker can't learn as much about your users. Good point. I'd suggest - ERR XXX Login invalid to stdout and detailed info to syslog Solt Its using tcpserver, so why not to multilog. I personally try to limit as much as possible the use of syslog. X-Istence
Re: [vchkpw] vpopmaild - errors on login
- Original Message - From: X-Istence [EMAIL PROTECTED] Marcin Soltysiak wrote: - Original Message - I see you have different error messages during login for: invalid email address user does not exist invalid password It might be better to return the same message for all so the hostile hacker can't learn as much about your users. Good point. I'd suggest - ERR XXX Login invalid to stdout and detailed info to syslog Its using tcpserver, so why not to multilog. I personally try to limit as much as possible the use of syslog. Sure. I meant (syslog|multilog|anylog) facility on server side. :-) Solt
