cm0002@lemmy.world to Cybersecurity - Memes@lemmy.world · 1 month agoUh oh, somebody's not following best practices, that's a paddlinlemmy.worldimagemessage-square81linkfedilinkarrow-up1535arrow-down120
arrow-up1515arrow-down1imageUh oh, somebody's not following best practices, that's a paddlinlemmy.worldcm0002@lemmy.world to Cybersecurity - Memes@lemmy.world · 1 month agomessage-square81linkfedilink
minus-squareaesthelete@lemmy.worldlinkfedilinkarrow-up3·1 month ago Username/password validation should happen entirely server-side, with as little information as possible provided to the client 💯 It’s recommended practice to not even tell them which half of the username/password combination failed upon authentication failures.
💯
It’s recommended practice to not even tell them which half of the username/password combination failed upon authentication failures.