== Recommended Secure Coding Practices
When a user performs a request involving a username, it should not be possible to tell from the response whether that username is valid or not:
* Error messages should be generic and must not disclose whether the username is valid.
* The response time must be similar whether the username is valid or not.
* CAPTCHA and other rate-limiting solutions should be implemented.
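The three practices above, shown in an added Python example that is not part of the original rule text: a login routine that leaks account existence next to a hardened one that returns a generic message, does the same password-hashing work whether or not the account exists, and is rate limited per client. The user store, the dummy credential, the `RateLimiter` class and the function names are all constructed for this illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os

# Constructed demo user store: {username: (salt, pbkdf2_hash)}.
PBKDF2_ITERATIONS = 50_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; the cost is identical on every code path that calls it."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


_ALICE_SALT = os.urandom(16)
USERS = {"alice": (_ALICE_SALT, hash_password("correct horse", _ALICE_SALT))}

# Dummy credential used for unknown usernames so the same hashing work is done
# whether or not the account exists (a constructed placeholder, never a real login).
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = hash_password("placeholder-not-a-real-password", _DUMMY_SALT)

GENERIC_ERROR = "Invalid username or password"


def login_leaky(username: str, password: str) -> tuple[bool, str]:
    """The pattern the rule warns about: distinct messages and a fast path for unknown users."""
    if username not in USERS:
        return False, "Unknown user"             # message reveals the username does not exist
    salt, stored = USERS[username]
    if hash_password(password, salt) != stored:  # only known users pay the hashing cost (timing leak)
        return False, "Wrong password"           # message reveals the username does exist
    return True, "OK"


class RateLimiter:
    """Fixed-window attempt counter per key (e.g. client IP); `now` is injected for testability."""

    def __init__(self, max_attempts: int = 5, window_seconds: int = 300):
        self.max_attempts = max_attempts
        self.window = window_seconds
        self._hits: dict[str, list[float]] = {}

    def allow(self, key: str, now: float) -> bool:
        # Drop attempts that fell out of the window, then check the remaining count.
        hits = [t for t in self._hits.get(key, []) if now - t < self.window]
        if len(hits) >= self.max_attempts:
            self._hits[key] = hits
            return False
        hits.append(now)
        self._hits[key] = hits
        return True


def login_hardened(username: str, password: str, limiter: RateLimiter,
                   client_key: str, now: float) -> tuple[bool, str]:
    """Generic error, identical work for valid and invalid usernames, rate limited."""
    if not limiter.allow(client_key, now):
        return False, "Too many attempts, please try again later"
    # Unknown users get the dummy credential, so PBKDF2 runs on both paths.
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    candidate = hash_password(password, salt)
    # Constant-time comparison; the membership check closes the corner case
    # where a guess happens to equal the dummy credential.
    ok = hmac.compare_digest(candidate, stored) and username in USERS
    return ok, ("OK" if ok else GENERIC_ERROR)


if __name__ == "__main__":
    limiter = RateLimiter()
    print(login_leaky("bob", "x"), login_leaky("alice", "x"))
    print(login_hardened("bob", "x", limiter, "203.0.113.7", 0.0),
          login_hardened("alice", "x", limiter, "203.0.113.7", 1.0))
```

The hardened version never branches on account existence before the expensive step: the lookup falls back to a dummy salt and hash, so an unknown username costs the same PBKDF2 work as a wrong password for a real one, and both failures return the same `GENERIC_ERROR`. The rate limiter is keyed per client and is the place a CAPTCHA challenge would be triggered in a real deployment.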