rspec/rules/S5804/recommended.adoc

== Recommended Secure Coding Practices

When a user performs a request involving a username, it should not be possible to spot differences between a valid and incorrect username:

* Error messages should be generic and not disclose if the username is valid or not.
* The response time must be similar for a valid username or not.
* CAPTCHA and other rate limiting solutions should be implemented.
Add rules 5000-5999 2020-06-30 12:50:28 +02:00			`== Recommended Secure Coding Practices`

			`When a user performs a request involving a username, it should not be possible to spot differences between a valid and incorrect username:`
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space 2020-06-30 14:49:38 +02:00
Add rules 5000-5999 2020-06-30 12:50:28 +02:00			`* Error messages should be generic and not disclose if the username is valid or not.`
			`* The response time must be similar for a valid username or not.`
			`* CAPTCHA and other rate limiting solutions should be implemented.`