Sonny
|
| Posted: 05/18/2003, 10:48 AM |
|
Has anyone modified the login function of CCS in ASP so that the errors could be stated correctly ie.
Login not in database (When Login is not in dbase)
Password Incorrect (When password is wrong for the login)
As written the cclogin function requires the both the login and password be correct to login and only displays a single error for both.
Any Ideas?
|
|
|
 |
rclayh
|
| Posted: 05/18/2003, 11:47 AM |
|
It's actually a good idea (for security reasons) to be obtuse about logins. Confirming one and not the other helps hackers narrow down the options. It's much better just to say that the login failed. If you need password recovery suggest you set up a page where they enter their email and it mails them there password.
Clay
|
|
|
|
|
