by throwaway2016a
684 days ago
While I agree it's not really security through obscurity because when combined with other strategies (like mitigating timing attacks and rate limiting) it does expose less information to the attacker. However, I stand that it does depend on the application. For example: Facebook does not use generic error messages. I presume because there are other trivial ways to find out if a user has an account so mitigating enumeration through the login form is not actually adding extra security.