Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
higherpurpose
on Dec 1, 2014
|
parent
|
context
|
favorite
| on:
“Invalid username or password” is a useless securi...
If you're only giving the message when the username
doesn't exist
, wouldn't that mean the attacker would know when the username
does
exist?
wtetzner
on Dec 1, 2014
[–]
The message is always sent through email though, so the attacker wouldn't see it.
Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
