[ZendTo] Re: AD login issue because of login name length?

Brendon Baumgartner b at brendon.com
Fri Nov 23 17:25:03 GMT 2012


Yeah. I agree it's less security. Maybe email the admin or the user.

Well, at least I have a clue where to start if it becomes more necessary.
Thanks

-Brendon

On Nov 23, 2012, at 2:11, Jules <Jules at zend.to> wrote:

> As a basic point of security, you never tell an attacker *why* their
> login attempt failed.
> Telling them the account is locked out instantly tells them to try
> cracking the next account and give up on this one.
>
> Very bad security practice to tell them any more information than "login
> failed".
>
> So I'm certainly not going to implement it. But you have the source, so
> feel free to implement it yourself. You just need to call NSSError when
> your code realises a login attempt failed because it was locked out.
>
> Jules.
>
> On 21/11/2012 19:59, Brendon Baumgartner wrote:
>> Jump to : == Forget it == below. This is a feature request.
>>
>> Okay, so yesterday I reported successfully dropping off and picking up
>> files so I told some more people to try it. Now I have a new and very
>> strange problem. Hopefully Jules has an idea ;)
>>
>> Someone said it didn't work (login issue) and it has worked for a few
>> people. Things I have tried:
>>
>> 1- all kinds of variations of passwords such as removing #'s and
>> symbols, etc. That didn't work.
>> 2- Changing problem user name from 6 character length to 9 characters.
>> This worked.
>> 3- Change user back to 6 characters.
>> ...
>>
>> == Forget it. ==
>> As I was writing it, it occurred to me that maybe the lockout feature
>> was working and it didn't say anything... which turned out to solve my
>> problems!
>>
>> Could you maybe notify the user their account is locked out? :)
>>
>> -Brendon
>> Jules
>>
>> --
>> Julian Field MEng MBCS CITP CEng
>> www.Zend.To
>>
>> Twitter: @JulesFM
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>
>> 'There is one thing stronger than all the armies in the world;
>>  and that is an idea whose time has come.'


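The behaviour discussed in this thread, as an added example that is not ZendTo code and not written by either poster: every failed attempt, including one against a locked-out account, gets the same "Login failed." text, while the real reason goes to a server-side log and a notice to the account owner is queued out of band. The function name, the local failure counter, the threshold of 5 and the sample user are assumptions made for illustration; ZendTo's own lockout logic is not shown on the page.

```php
<?php
// Added illustration, not ZendTo code. All names and values are hypothetical.
const MAX_FAILURES  = 5;               // assumed lockout threshold
const GENERIC_ERROR = 'Login failed.'; // the only failure text a client ever sees

// Constructed sample account store (a real deployment would query AD/LDAP).
$users = [
    'jsmith' => ['hash' => password_hash('correct horse', PASSWORD_DEFAULT),
                 'failures' => 0, 'email' => 'jsmith@example.org'],
];

function attemptLogin(array &$users, string $name, string $password, array &$audit): array
{
    // Verify against a dummy hash for unknown users so they cost the same time.
    static $dummy = null;
    $dummy ??= password_hash('dummy', PASSWORD_DEFAULT);
    $known      = isset($users[$name]);
    $passwordOk = password_verify($password, $known ? $users[$name]['hash'] : $dummy);

    $reason = null;
    if (!$known) {
        $reason = 'unknown-user';
    } elseif ($users[$name]['failures'] >= MAX_FAILURES) {
        $reason = 'locked-out';        // even the correct password fails here
    } elseif (!$passwordOk) {
        $reason = 'bad-password';
        if (++$users[$name]['failures'] === MAX_FAILURES) {
            // Out-of-band notice: goes to the owner's mailbox, not the login page.
            $audit[] = 'notify ' . $users[$name]['email'] . ': account locked';
        }
    }
    if ($reason !== null) {
        // The real reason stays server-side; json_encode stops log-line injection.
        $audit[] = 'login failure user=' . json_encode($name) . " reason=$reason";
        return ['ok' => false, 'message' => GENERIC_ERROR];
    }
    $users[$name]['failures'] = 0;     // success resets the counter
    return ['ok' => true, 'message' => 'Welcome.'];
}

// Five wrong guesses, then the right password, then a nonexistent account.
$audit = [];
foreach (['x', 'x', 'x', 'x', 'x', 'correct horse'] as $pw) {
    echo attemptLogin($users, 'jsmith', $pw, $audit)['message'], PHP_EOL;
}
echo attemptLogin($users, 'nobody', 'x', $audit)['message'], PHP_EOL;
echo implode(PHP_EOL, $audit), PHP_EOL; // what the administrator sees
```

The client-facing lines are identical for all seven attempts; only the audit lines distinguish a wrong password, a lockout and an unknown account.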