Login functionality

Ian Molton spyro at f2s.com
Wed Feb 18 11:11:08 PST 2004


On Wed, 18 Feb 2004 20:39:33 +0200
"Tarek W." <mailinglists1 at hotpop.com> wrote:

> how bout logging the username only if the username matches an entry in
> /etc/passwd.

very bad. that leaks information - if the log grows its a valid username, no need to guess the uname anymore...

-- 
Spyros lair: http://www.mnementh.co.uk/   ||||   Maintainer: arm26 linux

Do not meddle in the affairs of Dragons, for you are tasty and good with ketchup.



More information about the hlfs-dev mailing list