An idea is that the "not found in database" is to put crackers off from bruteforcing it looking for usernames. If you returned both "invalid username" and "invalid password" you'd have an opportunity to build a list of users, and then work on finding passwords.
Just a thought.

Mike

On Wed, Jun 26, 2013 at 1:32 PM, Katherine Moss <[email protected]> wrote:

> Hello all,
>
> I figure that this is relevant considering my site runs ASP.net. I'm on
> the Sueetie Framework, and I have the following issue:
>
> I changed the administrator password to both the administrative accounts
> listed on the site and now I cannot remember it. I have my email settings
> set to deliver to a local directory on the hard drive of the server, so
> many of the email addresses are not valid for testing purposes until I can
> set up an email server. I am a stronger administrator (and I'm still
> learning as always) than developer. I was wondering if you could explain
> the following conversation between me and the developer of the Sueetie
> Framework in plain English? Portions of it I do not understand what he is
> telling me to do, and he seems to think that I should understand exactly
> what he is talking about, though he's not one for really explaining things
> and educating you in what you don't know. And not to mention the fact that
> since he says that email addresses listed don't have to be valid, I try to
> use the forgot password link to retrieve passwords and nothing happens, I
> try to use forgot user name as well to try and discover what user I have,
> and then it says that it is not found in the database. That kind of
> behavior sort of makes me rather anxious, though the easiest thing probably
> at this point would be to start over, though I'm not willing to admit
> defeat yet, but if someone touched something ...
>
> The forum link is here:
> http://sueetie.com/forum/default.aspx?g=posts&m=3344#post3344
>
> And my site is here if you want to see it:
> http://accesscop.org
>
> My goal is to get this issue fixed as soon as possible. And if something
> did happen to any of my accounts on here and they weren't of my doing, then
> I have no idea how that might have happened; my site doesn't get too many
> hits, and no one who has hit it would ever do anything harmful. Thanks for
> the hand; I'll be a lot more at ease once I can get into the administrator
> accounts again and be able to make my friend also an administrator so that
> this could never happen again unless both of us goofed up our passwords.
> And even if we did, hopefully by then I'll have an email server set up in
> the near future; I plan on using the .net-based SmarterMail.
>
> Thanks,
> Katherine

--
Meski
http://courteous.ly/aAOZcv

"Going to Starbucks for coffee is like going to prison for sex. Sure, you'll get it, but it's going to be rough" - Adam Hills
