cm0002@lemmy.world to Cybersecurity - Memes@lemmy.world · 4 months agoUh oh, somebody's not following best practices, that's a paddlinlemmy.worldimagemessage-square83linkfedilinkarrow-up1547arrow-down120
arrow-up1527arrow-down1imageUh oh, somebody's not following best practices, that's a paddlinlemmy.worldcm0002@lemmy.world to Cybersecurity - Memes@lemmy.world · 4 months agomessage-square83linkfedilink
minus-squareaesthelete@lemmy.worldlinkfedilinkarrow-up3·4 months ago Username/password validation should happen entirely server-side, with as little information as possible provided to the client 💯 It’s recommended practice to not even tell them which half of the username/password combination failed upon authentication failures.
💯
It’s recommended practice to not even tell them which half of the username/password combination failed upon authentication failures.