AuthWidget -> validator question
Added by Emeric Poupon about 13 years ago
Hello !
I recently discovered the new Wt-3.2.0 release and I couldn't resist to give Wt::Auth a try. It looks so promising!
I just started a new project using the hangman base example.
And something bothers me: there are user/password validators in the default implementation. I would not like people to know which users are currently in the database.
Is is possible to fall in the behavior that most websites implement : just tell the couple user/password is invalid?
It may make sense to set attempt throttling to false then. I mean just use a constant delay in order to prevent the user from getting any clue.
Regards,
Replies (1)
RE: AuthWidget -> validator question - Added by Koen Deforche about 13 years ago
Hey Emeric,
This kind of feed-back is much appreciated. This behavior is currently not available with the AuthWidget (which implements a standard view).
Although you can also implement your own LoginWidget, it would be better if aspects like this (and others) of the behavior can be customized.
I've created a feature request for this: http://redmine.emweb.be/issues/1108
Regards,
koen