[wp-trac] Re: [WordPress Trac] #2901: Incorrect Login Feedback
WordPress Trac
wp-trac at lists.automattic.com
Tue Jul 4 23:16:56 GMT 2006
#2901: Incorrect Login Feedback
----------------------------------------------------+-----------------------
Reporter: ptvguy | Owner: Nazgul
Type: enhancement | Status: assigned
Priority: low | Milestone: 2.1
Component: Security | Version: 2.0.3
Severity: minor | Resolution:
Keywords: security, feedback, login bg|has-patch |
----------------------------------------------------+-----------------------
Changes (by Nazgul):
* keywords: security, feedback, login => security, feedback, login bg
|has-patch
* status: new => assigned
* owner: anonymous => Nazgul
Comment:
Small patch which gives a 'Incorrect username or password' message on a
faulty login.
Also, the 'relevant' part of the IRC discussion:
{{{
[00:46] jared: BasB: When I access the login page, if I type admin and
then hit enter there is no change and then I tend to type in my password
next and it appears with admin in the top box
[00:47] jared: This not only shows anyone behind me my pass code. The same
one I use for all the important stuff. But it will come up when I type
admin, because the browser wants to autofill that box
[00:48] ptvGuy: I never use autfill
[00:48] ptvGuy: I've done that in a hurry
[00:49] jared: ptvGuy: I do, I think its great. But in this case its not
so great. Infact I have to turn it off or reset it just to prevent this
situation.
[00:50] ptvGuy: I use FireFox on a private computer with password manager
so admin is all I need to type
[00:50] ptvGuy: Then, when I'm on someone else's computer with IE, I
forget and get in a hurry
[00:50] BasB: First of all, don't use passwords in more than one place
(especially in important ones) Second, why do you press enter after
entering admin? Shouldn't that be tab?
[00:51] ptvGuy: Yeah, well, you know, when you gotta blog, you gotta blog.
[00:52] ptvGuy: Some of us get in too much of a hurry
[00:53] ptvGuy: Anyway, I don't think that's a bug
[00:54] BasB: So you want some kind of 'username or password incorect'
message? To know that you pressed the wrong button or entered the wrong
user/pass?
[00:54] ptvGuy: The only possible fix for that would be hiding both the
username and password fields
[00:58] ptvGuy: Anyway, I don't think that the problem you have is a bug.
[00:58] jared_: But back to the login bug. I have had this situation occur
half a dozen times.
[00:59] jared_: Usually in a program when you sign in, if the name and
password are not correct, you are given feed back
[00:59] ptvGuy: Most just pop you back to the login window
[01:00] jared_: In this case the feedback is missing, so if one is in a
hurry or not paying strict attention one easily types the password into
the visible text area of the name box
[01:00] jared_: I have only noticed this issue in wordpress
[01:01] jared_: In fact it took me quite a few minutes to figure out how
to reproduce the issue. It never really made sense and as soon as I was
paying attention to the login I didn't have the problem
[01:02] ptvGuy: So you want an incorrect login feedback page forcing you
to choose the option to try to log in again?
[01:02] BasB: If you enter a feature request in trac, I'll create a patch
that gives a 'Incorrect username or password' notification for it.
}}}
--
Ticket URL: <http://trac.wordpress.org/ticket/2901>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list