[SOLVED] Verbose Error Messages

13 years 9 months ago #137378 by Barrie McKinnon
[SOLVED] Verbose Error Messages was created by Barrie McKinnon
Hi Guys,
We recently received a report from an external consultancy following penetration tests to the organisation's web sites. One criticism of mine (the only Joomla website we have) is that error messages generated at registration are "verbose", for example:

"the username 'admin' is already in use please choose another one"


- accounts could then be subject to a 'brute force' attack to learn corresponding passwords. What do I need to change to alter the wording of the error messages?

Barrie:blush:

Post edited by: krileon, at: 2010/07/13 21:19


13 years 9 months ago #137437 by krileon
Replied by krileon on topic Re:Verbose Error Messages
Simply edit the following language string to adjust the error message.

IN: components/com_comprofiler/plugin/language/default_language/default_language.php
ON: Line 913
FROM:
[code:1]
define('_UE_USERNAME_ALREADY_EXISTS',"The username '%s' is already registered: please choose another one.");
[/code:1]
TO:
[code:1]
define('_UE_USERNAME_ALREADY_EXISTS',"The username is already registered: please choose another one.");
[/code:1]

Don't understand how it will make any difference, as the user typed admin and it clearly was denied, so all that need be done is look back at the username field to see what they typed. Such an error is typical for any site as far as I am aware.

Perhaps more intuitive passwords are in order. Using some of the other validation methods for the username field would be a better approach such as requiring at least 6 characters, 1 letter, 1 number, etc...


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
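The two points in the reply above, as an added example that is not part of the original post and is not Community Builder code: it renders the original and the edited message for a taken and a free username, then applies the suggested username rule (at least 6 characters, 1 letter, 1 number). The function names and the account list are hypothetical and constructed for illustration.

```php
<?php
// Added example, not Community Builder code. Everything except the two
// message strings quoted in the post is hypothetical.

// The original and the edited wording from the reply above.
const MSG_ORIGINAL = "The username '%s' is already registered: please choose another one.";
const MSG_EDITED   = "The username is already registered: please choose another one.";

// Username rule suggested in the reply: at least 6 characters,
// at least 1 letter and at least 1 number.
function usernameMeetsPolicy(string $name): bool
{
    return strlen($name) >= 6
        && preg_match('/[A-Za-z]/', $name) === 1
        && preg_match('/[0-9]/', $name) === 1;
}

// Hypothetical registration check against a constructed account list.
// Returns the error text, or null when the name is accepted.
function registrationError(string $name, array $existing, string $template, bool $enforcePolicy): ?string
{
    if ($enforcePolicy && !usernameMeetsPolicy($name)) {
        return 'Usernames need at least 6 characters, 1 letter and 1 number.';
    }
    if (in_array(strtolower($name), $existing, true)) {
        // sprintf() ignores surplus arguments, so the edited string
        // without %s still renders without error.
        return sprintf($template, $name);
    }
    return null;
}

$existing = ['admin', 'jsmith01']; // constructed sample data

// Either wording: a taken name gets an error, a free name does not,
// so the outcome itself still differs between the two cases.
foreach ([MSG_ORIGINAL, MSG_EDITED] as $template) {
    foreach (['admin', 'zq81xx'] as $name) {
        $err = registrationError($name, $existing, $template, false);
        printf("%-8s => %s\n", $name, $err ?? '(accepted)');
    }
}

// With the rule enforced, 'admin' is rejected for its format before the
// existence check runs, whether or not such an account exists.
var_dump(registrationError('admin', $existing, MSG_EDITED, true));
var_dump(registrationError('admin', [], MSG_EDITED, true));
```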


13 years 9 months ago #137558 by Barrie McKinnon
Replied by Barrie McKinnon on topic Re:Verbose Error Messages
Hi Kyle,
Absolutely agree with you, but my political masters, having employed the consultants, will want to see their recommendations acted upon (however senseless).

Help greatly appreciated.
Barrie ;)


13 years 9 months ago #137681 by krileon
Replied by krileon on topic Re:Verbose Error Messages
Barrie McKinnon wrote:

Hi Kyle,
Absolutely agree with you, but my political masters, having employed the consultants, will want to see their recommendations acted upon (however senseless).

Help greatly appreciated.
Barrie ;)

Well in that case the above is how you adjust the error message. ;)


Kyle (Krileon)
Community Builder Team Member