Hi everyone!
I’m new to using the Yii framework, and I’ve got some questions.
I’ve played with authentication and realised one thing which may be a kind of security issue:
In the Yii blog example ( %yii%/demos/blog/index.php/site/login )… I’m trying to log in:
- enter username (demo)
- start entering default password (demo)
So… if I enter a wrong password I get the message “Incorrect username or password” even if I didn’t click the Login button. The system tells me that my password is wrong until I type the right one.
Here are my questions:
A) So isn’t it dangerous? I mean, is there some delay in the authentication function? If not, I think that somebody could use a password guessing script or something.
B) How could I catch such password guessing? Or how could I add a delay in authentication (1-2 sec) - in this case it will be hard to use a password guessing script.
C) How could I show the message "Incorrect username or password" only after the user clicks the login button?
Thanks!
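
For question B, one way to count failed logins and enforce a growing delay, as an added example that is not part of the original post and not code from Yii. `LoginThrottle` and its methods are hypothetical names, PHP 8 is assumed, and the check belongs in front of every path that verifies the password, including the as-you-type validation described above.

```php
<?php
// Added example: failed-login throttle. LoginThrottle is a hypothetical class,
// not a Yii API. Counters live in memory here; a real app needs a shared store.
final class LoginThrottle
{
    private array $failures = []; // "user|ip" => timestamps of failed logins

    public function __construct(
        private int $freeAttempts = 3,    // failures allowed before any delay
        private int $windowSeconds = 900, // how long a failure is remembered
        private int $maxDelay = 60        // upper bound on the enforced wait
    ) {}

    // Seconds the caller must still wait before another attempt is checked.
    public function retryAfter(string $user, string $ip, int $now): int
    {
        $recent = $this->recent($user, $ip, $now);
        $extra = count($recent) - $this->freeAttempts;
        if ($extra < 0 || !$recent) { return 0; }
        // Wait doubles with each further failure: 1s, 2s, 4s ... up to maxDelay.
        $delay = min($this->maxDelay, 2 ** min($extra, 20));
        return max(0, end($recent) + $delay - $now);
    }

    public function recordFailure(string $user, string $ip, int $now): void
    {
        $this->failures[$this->key($user, $ip)] = [...$this->recent($user, $ip, $now), $now];
    }

    public function recordSuccess(string $user, string $ip): void
    {
        unset($this->failures[$this->key($user, $ip)]);
    }

    private function recent(string $user, string $ip, int $now): array
    {
        $all = $this->failures[$this->key($user, $ip)] ?? [];
        return array_values(array_filter($all, fn($t) => $t > $now - $this->windowSeconds));
    }

    private function key(string $user, string $ip): string { return strtolower($user) . '|' . $ip; }
}

// Constructed demo: wrong guesses one second apart from one documentation address.
$throttle = new LoginThrottle();
for ($t = 1000; $t < 1005; $t++) {
    $wait = $throttle->retryAfter('demo', '192.0.2.10', $t);
    if ($wait === 0) { $throttle->recordFailure('demo', '192.0.2.10', $t); } // password was wrong
    echo "t=$t ", $wait ? "rejected, retry in {$wait}s" : "checked, wrong password", "\n";
}
```

Keying on username plus address limits one client without locking the real user out from elsewhere; a separate per-username counter with a higher threshold covers guesses spread across many addresses.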