Comments (7)
from hackatalk.
Specify project
Client
Is your feature request related to a problem? Please describe.
When I tried to sign in with an incorrect email but the correct password, an error message like "비밀번호를 다시 확인해주세요." [Please check your password again.] was displayed.
Describe the solution you'd like
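Currently, the DB and the client tell the user which part was wrong. I expect that revealing which part was wrong is a security issue.
For example, when the ID or password is wrong, the Naver login window does not say which one was wrong and instead shows a message like "가입하지 않은 아이디이거나, 잘못된 비밀번호입니다." [This ID is not registered, or the password is incorrect.]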
Additional context
I hope you write in English next time 😅 so that more people around the world lately can participate in our work.
I think this issue is a matter of which string we should provide here, since it doesn't tell which is wrong. It just tells that the password is incorrect. It doesn't argue that the email is wrong.
from hackatalk.
Are you saying it should validate and tell whether the email is wrong, not only argue about the password, if I understand correctly? @hyochan
from hackatalk.
> Are you saying it should validate and tell whether the email is wrong, not only argue about the password, if I understand correctly? @hyochan
No. Looking inside the code, I found that it did not have any scenario on giving hints on the wrong email that does not match the database. Just telling the email format is not correct does not make any security issue.
from hackatalk.
Okay I got this now "No. Looking inside the code, I found that it did not have any scenario on giving hints on the wrong email that does not match the database. Just telling the email format is not correct does not make any security issue."
Then, how about just displaying an error message like "가입하지 않은 아이디이거나, 잘못된 비밀번호입니다." and not displaying the red underline, because users may be confused by it? (The email format is wrong, but the message is "비밀번호를 다시 확인해주세요." with a red underline on the password field.)
from hackatalk.
> Then, how about just displaying an error message like "가입하지 않은 아이디이거나, 잘못된 비밀번호입니다." and not displaying the red underline, because users may be confused by it? (The email format is wrong, but the message is "비밀번호를 다시 확인해주세요." with a red underline on the password field.)
I think you've missed the code here https://github.com/dooboolab/hackatalk/blob/ee38d64fba78203f63e13a80425e7e689d383c29/client/src/components/pages/SignIn/index.tsx#L176.
I am still confused about what you are trying to achieve here. How about just give out a proposal if you think something is actually needed? Or it'd be good to bring another idea and focus on that 🤔
from hackatalk.
I've focused on these lines
https://github.com/dooboolab/hackatalk/blob/ee38d64fba78203f63e13a80425e7e689d383c29/client/src/components/pages/SignIn/index.tsx#L217-L220
It only tells that the password is incorrect, if I understand correctly.
Well if you think it is not an issue I will close this issue.
from hackatalk.
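The concern raised in the issue, a sign-in response that reveals which credential was wrong versus a single combined message like Naver's, shown as an added example that is not HackaTalk's code. The in-memory user store, function names, sample accounts and English message strings are all constructed assumptions.

```typescript
import { randomBytes, scryptSync, timingSafeEqual } from "node:crypto";

// Constructed sample data: one registered account (not from the HackaTalk code base).
type User = { email: string; salt: Buffer; hash: Buffer };
const hashPw = (pw: string, salt: Buffer): Buffer => scryptSync(pw, salt, 32);
const makeUser = (email: string, pw: string): User => {
  const salt = randomBytes(16);
  return { email, salt, hash: hashPw(pw, salt) };
};
const users = new Map<string, User>([
  ["alice@example.com", makeUser("alice@example.com", "correct horse")],
]);
// Dummy record so an unknown email still costs one scrypt computation.
const dummy = makeUser("nobody@invalid", randomBytes(16).toString("hex"));

type Result = { ok: boolean; field?: "email" | "password"; message: string };

// Leaky variant: the response names which credential failed.
function signInLeaky(email: string, pw: string): Result {
  const u = users.get(email);
  if (!u) return { ok: false, field: "email", message: "No account with this email." };
  if (!timingSafeEqual(hashPw(pw, u.salt), u.hash))
    return { ok: false, field: "password", message: "Please check your password again." };
  return { ok: true, message: "Signed in." };
}

// Uniform variant: same message, no field hint, same hashing work on both failure paths.
const GENERIC = "This ID is not registered, or the password is incorrect.";
function signInUniform(email: string, pw: string): Result {
  const u = users.get(email) ?? dummy;
  const match = timingSafeEqual(hashPw(pw, u.salt), u.hash);
  if (!match || u === dummy) return { ok: false, message: GENERIC };
  return { ok: true, message: "Signed in." };
}

// Regression check: do failures for a known and an unknown email look different?
function distinguishable(signIn: (e: string, p: string) => Result): boolean {
  const known = signIn("alice@example.com", "wrong password");
  const unknown = signIn("mallory@example.com", "wrong password");
  return JSON.stringify(known) !== JSON.stringify(unknown);
}
```

A check like `distinguishable` can run in a test suite so that a later change to error strings or field highlighting does not reintroduce the difference between the two failure paths.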