Project

General

Profile

AuthWidget -> validator question

Added by Emeric Poupon about 13 years ago

Hello !

I recently discovered the new Wt-3.2.0 release and I couldn't resist to give Wt::Auth a try. It looks so promising!

I just started a new project using the hangman base example.

And something bothers me: there are user/password validators in the default implementation. I would not like people to know which users are currently in the database.

Is is possible to fall in the behavior that most websites implement : just tell the couple user/password is invalid?

It may make sense to set attempt throttling to false then. I mean just use a constant delay in order to prevent the user from getting any clue.

Regards,


Replies (1)

RE: AuthWidget -> validator question - Added by Koen Deforche about 13 years ago

Hey Emeric,

This kind of feed-back is much appreciated. This behavior is currently not available with the AuthWidget (which implements a standard view).

Although you can also implement your own LoginWidget, it would be better if aspects like this (and others) of the behavior can be customized.

I've created a feature request for this: http://redmine.emweb.be/issues/1108

Regards,

koen

    (1-1/1)