Re: Error message suggestion

help-gnats

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Error message suggestion

From:	Chad Walstrom
Subject:	Re: Error message suggestion
Date:	Fri, 30 Jun 2006 09:47:36 -0500
User-agent:	Mutt/1.5.9i

On Thu, Jun 29, 2006 at 04:52:09PM -0700, Tim Freedom wrote:
> As you can see there is no mention of a password.  It would have
> been ideal to see something akin to 'pr-edit: access denied -
> password rejected' or similar, no ?

In short, "No."  Whether the original editor of the gnatsd daemon
intended it or not, it was the right decision NOT to mention whether
the password or the account name was incorrect.  Doing so is to give a
brute-force attacker more information than is necessary.

> I'm sure there are other errors that are just as ambiguous which
> ought to get looked into again (just a thought).

I agree with you there.  The command-line tools could use some
error-reporting and user interface rationalization.

-- 
Chad Walstrom <address@hidden>           http://www.wookimus.net/
           assert(expired(knowledge)); /* core dump */

[Prev in Thread]

Current Thread

[Next in Thread]

Error message suggestion, Tim Freedom, 2006/06/29
- Re: Error message suggestion, Chad Walstrom <=

Prev by Date: Re: new GNATS PRs at wookimus.net
Previous by thread: Error message suggestion
Next by thread: Re: new GNATS PRs at wookimus.net
Index(es):
- Date
- Thread