Pantek Library

Re: Concurrent Sessions and User Feedback

From: Jeremy Poteet <jpoteet(at)tech-partners.com>
Date: Sat Apr 05 2003 - 14:48:08 EST


Sue,

My concern for harvesting user ids in the two manners you describe is when applications provide this type of information when only supplied with a user id. It sounds like, in this application's case, both a valid login and password must be provided. In that case, this feedback can be useful to a legitimate user of the account, in that they are informed if someone else may have gained access to the account.

Many systems provide the same feedback you have described when a valid user id is supplied. This would be the typical way that user ids can be harvested. Login messages such as in this case, registration pages that report that the user id has already been taken, password reminder screens that state they do not know a specific user, etc. all can be used in this manner.

Jeremy Poteet, CISSP
Chief Technology Officer
Technology Partners, Inc.
1-877-636-1331 x105 (toll free)
636-519-1221 x105
http://www.tech-partners.com   

On 4/5/03 1:11 PM, "Susan Olson" <olson.susan@excite.com> wrote:

>
> I'm looking for words of wisdom/advice/ideas on how to handle this from a
Received on Sat Apr 5 16:09:53 2003
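
The distinction drawn in the message above, as an added example that is not part of the original thread: a login handler that reports a concurrent session as soon as the user id is recognised, one that reports it only after both id and password verify, and a regression check that tells them apart. All names, messages and the sample account are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample data (assumption, not from the thread).
_SALT = os.urandom(16)

def _hash(pw):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), _SALT, 10_000)

USERS = {"alice": _hash("correct horse")}
ACTIVE_SESSIONS = {"alice"}      # alice is already logged in elsewhere
_DUMMY = _hash("dummy")          # compared against when the id is unknown

GENERIC_FAIL = "Login failed."
LOGIN_OK = "Login OK."
CONCURRENT = "Login OK. Note: this account already has an active session."

def login_leaky(user, pw):
    """Gives session feedback when supplied with only a valid user id."""
    if user not in USERS:
        return GENERIC_FAIL
    if user in ACTIVE_SESSIONS:
        # Shown before the password is checked, so it confirms the id exists.
        return "This account is already logged in."
    ok = hmac.compare_digest(USERS[user], _hash(pw))
    return LOGIN_OK if ok else GENERIC_FAIL

def login_safe(user, pw):
    """Gives session feedback only after id and password both verify."""
    stored = USERS.get(user, _DUMMY)   # hash anyway: same work for unknown ids
    ok = hmac.compare_digest(stored, _hash(pw)) and user in USERS
    if not ok:
        return GENERIC_FAIL            # identical for bad id and bad password
    return CONCURRENT if user in ACTIVE_SESSIONS else LOGIN_OK

def distinguishes_user_ids(handler, known="alice", unknown="no-such-user"):
    """Regression check: same wrong password, known vs unknown id."""
    return handler(known, "wrong-password") != handler(unknown, "wrong-password")

if __name__ == "__main__":
    for h in (login_leaky, login_safe):
        print(h.__name__, "reveals valid ids:", distinguishes_user_ids(h))
```

The same comparison applies to the registration and password reminder pages mentioned in the message: feed each a known and an unknown id and require identical responses.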

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:50 EDT

