
Comments (7)

qkreltms commented on June 16, 2024

#436 (comment)

from hackatalk.

hyochan commented on June 16, 2024

Specify project
Client

Is your feature request related to a problem? Please describe.
When I tried to sign in with an incorrect email but a correct password, an error message like "비밀번호를 다시 확인해주세요." ("Please check your password again.") is displayed.

Describe the solution you'd like
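Currently, the DB and the client tell the user which part was wrong.

Telling the user which part was wrong is expected to be a security issue.

For example, the Naver login screen does not say which one was wrong when the ID or the password is incorrect; it shows a message such as "가입하지 않은 아이디이거나, 잘못된 비밀번호입니다." ("The ID is not registered, or the password is incorrect.").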

Additional context

I hope you write in English next time 😅 so that more people around the world lately can participate in our work.
I think this issue is a matter of which string we should provide here, since it doesn't tell which is wrong. It just tells that the password is incorrect. It doesn't argue that the email is wrong.


qkreltms commented on June 16, 2024

Are you saying it should validate and tell whether the email is wrong, not only argue about the password, if I understand correctly? @hyochan


hyochan commented on June 16, 2024

> Are you saying it should validate and tell whether the email is wrong, not only argue about the password, if I understand correctly? @hyochan

No. Looking inside the code, I found that it did not have any scenario of giving hints about a wrong email that does not match the database. Just telling that the email format is not correct does not create any security issue.


qkreltms commented on June 16, 2024

Okay, I got this now: "No. Looking inside the code, I found that it did not have any scenario of giving hints about a wrong email that does not match the database. Just telling that the email format is not correct does not create any security issue."

Then, how about just displaying an error message like "가입하지 않은 아이디이거나, 잘못된 비밀번호입니다." and not displaying the red underline, because users may be confused by it? (The email format is wrong, but the message is "비밀번호를 다시 확인해주세요." with a red underline on the password field.)


hyochan commented on June 16, 2024

> Then, how about just displaying an error message like "가입하지 않은 아이디이거나, 잘못된 비밀번호입니다." and not displaying the red underline, because users may be confused by it? (The email format is wrong, but the message is "비밀번호를 다시 확인해주세요." with a red underline on the password field.)

I think you've missed the code here https://github.com/dooboolab/hackatalk/blob/ee38d64fba78203f63e13a80425e7e689d383c29/client/src/components/pages/SignIn/index.tsx#L176.

I am still confused about what you are trying to achieve here. How about just giving out a proposal if you think something is actually needed? Or it'd be good to bring another idea and focus on that 🤔


qkreltms commented on June 16, 2024

I've focused on these lines:
https://github.com/dooboolab/hackatalk/blob/ee38d64fba78203f63e13a80425e7e689d383c29/client/src/components/pages/SignIn/index.tsx#L217-L220
It only tells that the password is incorrect, if I understand correctly.

Well, if you think it is not an issue, I will close this issue.

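The distinction discussed in this thread, as an added example that is not part of the thread and not hackatalk's code: an email-format error depends only on what the user typed, so it can be reported per field, while "no such account" and "wrong password" get the same code and message. The in-memory store, the function names, the result codes and the English messages are all assumptions made for illustration.

```typescript
import { randomBytes, scryptSync, timingSafeEqual } from "crypto";

// Constructed sample data: one registered account in an in-memory store.
type User = { salt: Buffer; hash: Buffer };
const hashPassword = (pw: string, salt: Buffer): Buffer => scryptSync(pw, salt, 32);

const users = new Map<string, User>();
const sampleSalt = randomBytes(16);
users.set("alice@example.com", { salt: sampleSalt, hash: hashPassword("correct horse", sampleSalt) });

// Dummy credentials so an unknown email costs the same hashing work as a known one.
const dummySalt = randomBytes(16);
const dummy: User = { salt: dummySalt, hash: hashPassword("unused", dummySalt) };

type SignInResult = {
  ok: boolean;
  code: "OK" | "INVALID_EMAIL_FORMAT" | "INVALID_CREDENTIALS";
  message: string;
};

// One message for both "no such account" and "wrong password" (hypothetical wording).
const GENERIC_MESSAGE = "Email or password is incorrect.";

// Format check only: it never consults the store, so reporting it
// reveals nothing about which accounts exist.
function isEmailFormatValid(email: string): boolean {
  return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email);
}

function signIn(email: string, password: string): SignInResult {
  if (!isEmailFormatValid(email)) {
    return { ok: false, code: "INVALID_EMAIL_FORMAT", message: "Email format is not valid." };
  }
  const user = users.get(email.toLowerCase());
  // Always hash and compare, even when the account does not exist.
  const { salt, hash } = user ?? dummy;
  const matches = timingSafeEqual(hashPassword(password, salt), hash);
  if (!user || !matches) {
    return { ok: false, code: "INVALID_CREDENTIALS", message: GENERIC_MESSAGE };
  }
  return { ok: true, code: "OK", message: "" };
}
```

A client built on this would underline the email field only for `INVALID_EMAIL_FORMAT` and show the generic message without marking either field for `INVALID_CREDENTIALS`.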
