[MAGNOLIA-2629] message for username / PW failure should be corrected Created: 20/Feb/09  Updated: 02/Dec/13  Resolved: 02/Dec/13

Status: Closed
Project: Magnolia
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major
Reporter: Boris Kraft Assignee: Unassigned
Resolution: Outdated Votes: 0
Labels: java5
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File Picture 15.png    
Issue Links:
relation
is related to MAGNOLIA-1957 Some superfluous usages java5 API Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:

 Description   

Currently if you mistype your password when logging into Magnolia, a message is displayed saying: "username and password do not match".

Of course the username and password should not be the same, in other words, they should not match.

Please correct the message to simply say

"Wrong username and password combination"



 Comments   
Comment by Magnolia International [ 20/Feb/09 ]

The current message seems to be quite standard, though. On the other hand, ours should probably simply be "Incorrect password.", because we actually output a different message when the username does not exist.

Comment by Magnolia International [ 20/Feb/09 ]

Ha - I know why we used a generic message (non-specific to the password being wrong) : with Java 1.4, some of the specific LoginException subclasses (which is how we can know the username is invalid, for instance) did not exist - so we had to have at least one generic message.

Tagging this with java 5, so when we'll start using java 5 niceness, hopefully we'll remember to clean this up.

Comment by Tobias Mattsson [ 02/Dec/13 ]

Closing as outdated, message is now "Error during login. Please try again."

The message is used regardless of whether the username or the password was incorrect, this is better security-wise because you can't by guessing deduce if a username is valid until you've also guessed the right password.

Generated at Mon Feb 12 03:38:34 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.