dépôts / lhc / web / wiklou.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c75f0e9) | patch
SECURITY: Do not reveal if user exists during login failure
authorBrian Wolff <bawolff+wn@gmail.com>
Mon, 13 Nov 2017 16:02:50 +0000 (16:02 +0000)
committerReedy <reedy@wikimedia.org>
Wed, 15 Nov 2017 00:58:44 +0000 (00:58 +0000)
commite7ea90509c73c60b665b8f63e3bb95b1adfec78c
tree302f0c2deb57f19b30c4865ccde36c94423cfb5atree | snapshot
parentc75f0e95c9888489961548c72ef24786c43838aacommit | diff
SECURITY: Do not reveal if user exists during login failure

This is meant for private wikis where the list of users may
be secret. It is only meant to prevent trivial enumeration
of usernames. It is not designed to prevent enumeration
via timing attacks.

Bug: T134100
Change-Id: I7afaa955a4b393ef00b11e420709bd62b84fbc71
includes/auth/LocalPasswordPrimaryAuthenticationProvider.php diff | blob | history
languages/i18n/en.json diff | blob | history
Wiklou, le Wiki du Wiklou