----- Original Message ----- 
From: "X-Istence" <[EMAIL PROTECTED]>
> Marcin Soltysiak wrote:
> > ----- Original Message ----- 
> > 
> >>I see you have different error messages during login for:
> >>
> >>
> >>invalid email address
> >>
> >>user does not exist
> >>
> >>invalid password
> >>
> >>
> >>
> >>It might be better to return the same message for all so the hostile 
> >>hacker can't learn as much about your users.
> > 
> > 
> > Good point. I'd suggest 
> > 
> > - ERR XXX Login invalid
> > 
> >  to stdout and detailed info to syslog
> It's using tcpserver, so why not to multilog? I personally try to limit 
> as much as possible the use of syslog.
Sure. I meant (syslog|multilog|anylog) facility on server side. :-)

Solt
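
The approach discussed in this thread, sketched as an added example (not code from the thread or from the project): one generic failure line goes to the client, and the specific reason goes only to the server-side log. The account store, the success line, the email pattern and the function names are assumptions; the sketch also goes one step beyond the thread by doing the same hashing work for unknown users, so response time does not reveal what the message hides. It assumes stderr is routed to multilog by the service's run script.

```python
import hashlib
import hmac
import re
import sys

CLIENT_FAIL = "-ERR XXX Login invalid"   # XXX: placeholder code, as in the thread
CLIENT_OK = "+OK logged in"              # assumed success line

def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed account store: email -> (salt, password hash)
USERS = {"alice@example.org": (b"salt-alice", _kdf("correct horse", b"salt-alice"))}
# Dummy record so unknown users cost the same KDF work as known ones
DUMMY = (b"salt-dummy", _kdf("no such password", b"salt-dummy"))
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")

def check_login(email: str, password: str) -> tuple[str, str]:
    """Return (line for the client, detailed line for the server log)."""
    valid_syntax = EMAIL_RE.fullmatch(email) is not None
    record = USERS.get(email) if valid_syntax else None
    salt, stored = record or DUMMY
    password_ok = hmac.compare_digest(_kdf(password, salt), stored)
    if not valid_syntax:
        reason = "invalid email address"
    elif record is None:
        reason = "user does not exist"
    elif not password_ok:
        reason = "invalid password"
    else:
        return CLIENT_OK, f"login ok user={email!r}"
    # repr() escapes CR/LF so a crafted address cannot forge log lines
    return CLIENT_FAIL, f"login failed user={email!r} reason={reason}"

def handle(email: str, password: str) -> None:
    client_line, log_line = check_login(email, password)
    sys.stdout.write(client_line + "\r\n")   # stdout: the client socket under tcpserver
    sys.stderr.write(log_line + "\n")        # stderr: assumed to be collected by multilog
    sys.stdout.flush()

if __name__ == "__main__":
    handle("bob@example.org", "guess")
```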
