Absolutely agree with Jules. It's non security.<div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Nov 23, 2012 at 2:10 PM, Jules <span dir="ltr">&lt;<a href="mailto:Jules@zend.to" target="_blank">Jules@zend.to</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">As a basic point of security, you never tell an attacker *why* their<br>
login attempt failed.<br>
Telling them the account is locked out instantly tells them to try<br>
cracking the next account and give up on this one.<br>
<br>
Very bad security practice to tell them any more information than "login<br>
failed".<br>
<br>
So I'm certainly not going to implement it. But you have the source, so<br>
feel free to implement it yourself. You just need to call NSSError when<br>
your code realises a login attempt failed because it was locked out.<br>
<br>
Jules.<br>
<div><div class="h5"><br>
On 21/11/2012 19:59, Brendon Baumgartner wrote:<br>
> Jump to: == Forget it. == below. This is a feature request.<br>
><br>
> Okay, so yesterday I reported successfully dropping off and picking up<br>
> files so I told some more people to try it. Now I have a new and very<br>
> strange problem. Hopefully Jules has an idea ;)<br>
><br>
> Someone said it didn't work (login issue) and it has worked for a few<br>
> people. Things I have tried:<br>
><br>
> 1- all kinds of variations of passwords such as removing #'s and<br>
> symbols, etc. That didn't work.<br>
> 2- Changing problem user name from 6 character length to 9 characters.<br>
> This worked.<br>
> 3- Change user back to 6 characters.<br>
> ...<br>
><br>
> == Forget it. ==<br>
> As I was writing it, it occurred to me that maybe the lockout feature<br>
> was working and it didn't say anything... which turned out to solve my<br>
> problems!<br>
><br>
> Could you maybe notify the user their account is locked out? :)<br>
><br>
> -Brendon<br>
</div></div>> Jules<br>
><br>
> --<br>
> Julian Field MEng MBCS CITP CEng<br>
> <a href="http://www.Zend.To" target="_blank">www.Zend.To</a><br>
><br>
> Twitter: @JulesFM<br>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654<br>
><br>
> 'There is one thing stronger than all the armies in the world;<br>
> and that is an idea whose time has come.'<br>
_______________________________________________<br>
ZendTo mailing list<br>
<a href="mailto:ZendTo@zend.to">ZendTo@zend.to</a><br>
<a href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto" target="_blank">http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto</a><br>
</blockquote></div><br></div>
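The trade-off discussed in this thread, as an added example that is not ZendTo code and not from anyone on the list: the client gets one generic failure message for a bad password, a locked account, or an unknown user, while the real reason goes to a server-side audit trail where an administrator can diagnose a silent lockout like the one described above. The class name, the threshold of 3 and the reason strings are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 3                 # assumed lockout threshold
GENERIC_ERROR = "Login failed."  # the only failure text a client ever sees


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 20_000)


class Authenticator:
    """Hypothetical login backend: uniform replies, detailed audit log."""

    def __init__(self):
        self.users = {}      # username -> (salt, password hash)
        self.failures = {}   # username -> consecutive failed attempts
        self.audit = []      # server-side only: (username, real reason)
        # Dummy credentials so unknown users cost the same hashing work.
        self._dummy_salt = os.urandom(16)
        self._dummy_hash = _hash("dummy", self._dummy_salt)

    def add_user(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[username] = (salt, _hash(password, salt))

    def login(self, username: str, password: str):
        salt, stored = self.users.get(
            username, (self._dummy_salt, self._dummy_hash))
        # Always hash and compare in constant time, so response timing does
        # not reveal whether the account exists or is locked.
        password_ok = hmac.compare_digest(_hash(password, salt), stored)
        if username not in self.users:
            reason = "unknown_user"
        elif self.failures.get(username, 0) >= MAX_FAILURES:
            reason = "locked_out"   # correct password is refused too
        elif not password_ok:
            self.failures[username] = self.failures.get(username, 0) + 1
            reason = "bad_password"
        else:
            self.failures[username] = 0
            return True, "OK"
        self.audit.append((username, reason))  # never sent to the client
        return False, GENERIC_ERROR
```
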