cm0002@lemmy.world to Cybersecurity - Memes@lemmy.world · 11 months agoUh oh, somebody's not following best practices, that's a paddlinlemmy.worldimagemessage-square89linkfedilinkarrow-up1549arrow-down119
arrow-up1530arrow-down1imageUh oh, somebody's not following best practices, that's a paddlinlemmy.worldcm0002@lemmy.world to Cybersecurity - Memes@lemmy.world · 11 months agomessage-square89linkfedilink
minus-squareaesthelete@lemmy.worldlinkfedilinkarrow-up3·11 months ago Username/password validation should happen entirely server-side, with as little information as possible provided to the client 💯 It’s recommended practice to not even tell them which half of the username/password combination failed upon authentication failures.
💯
It’s recommended practice to not even tell them which half of the username/password combination failed upon authentication failures.