|
|
|
|
|
|
by mooism2
5524 days ago
|
|
|
We should always be thinking about security, particularly when validating security credentials. (But remember that security is a trade-off.) But I don't see the security cost in populating the username box with what the user previously typed there. We're just echoing back what the user typed. The only extra information we've provided is that the potential attacker can't login with that username+password --- we don't say whether this is because the username is invalid or because the password is incorrect for that username. |
|
|