Hi Mylene, Great point. I've updated the quickstart. It should show up on the site next time confluence wiki gets exported.
Alex On Fri, Jan 7, 2011 at 3:36 AM, Mylene <[email protected]> wrote: > Hi, > I was going through your quickstart documentation. I like it, it > works as stated, but I'd like to give one security related comment. > > The "advised" error message (You, as the application/GUI developer can > choose to show the end-user messages based on exceptions or not (for > example, "There is no account in the system with that username.").) is > IMHO not too well chosen. > > If someone wants to hack an application, he (or she for that matter) > will easily find out what are valid accounts, and what not - if > someone follows this example - and people tend to do that... > > just my 2 cents.... > > Mylene >
