#1 2015-04-27 06:08:25

nirnir
Member
Registered: 2013-11-11
Posts: 66

setuser detailed response

Is it possible that on a failed setuser request the server will be able to respond with an error message ('incorrect password', 'user expired', ...)?

Offline

#2 2015-04-27 07:00:22

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,182

Re: setuser detailed response

We returned a generic error for all authentication failures, since such indications may not be safe in real applications: too much information may help a brute force attack.

So we would rather not change the default behavior.

But we renamed the TSQLRestServer.OnSessionFailed event as TSQLRestServer.OnAuthenticationFailed, including a new TNotifyAuthenticationFailedReason parameter so that the callback would be able to identify which kind of failure did occur.
See http://synopse.info/fossil/info/59a04453f1
You would therefore be able to add your custom TSQLRestServer.OnAuthenticationFailed callback, then change the returned error message according to your needs.

Offline
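
The pattern described in the reply above, as an added example that is not part of the original thread and is not mORMot code: the client always receives the same generic error, while a server-side callback receives the precise failure reason for logging. All names (`AuthServer`, `FailReason`, `on_authentication_failed`) and the sample users are hypothetical, and the dummy hash for unknown users is an extra precaution so that response time does not reveal which accounts exist.

```python
import hashlib, hmac, os, time
from enum import Enum

class FailReason(Enum):          # hypothetical stand-in for the reason parameter
    UNKNOWN_USER = "unknown user"
    INVALID_PASSWORD = "invalid password"
    USER_EXPIRED = "user expired"

GENERIC_ERROR = {"status": 403, "error": "Authentication failed"}

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

class AuthServer:
    def __init__(self, on_authentication_failed=None):
        self.users = {}                      # name -> (salt, hash, expires_at)
        self.on_authentication_failed = on_authentication_failed
        self._dummy_salt = os.urandom(16)    # used when the user does not exist
        self._dummy_hash = _hash("dummy", self._dummy_salt)

    def add_user(self, name, password, expires_at=None):
        salt = os.urandom(16)
        self.users[name] = (salt, _hash(password, salt), expires_at)

    def _fail(self, reason, name):
        # The reason goes to the server-side callback only, never to the client.
        if self.on_authentication_failed:
            self.on_authentication_failed(reason, name)
        return dict(GENERIC_ERROR)

    def login(self, name, password, now=None):
        now = time.time() if now is None else now
        salt, stored, expires_at = self.users.get(
            name, (self._dummy_salt, self._dummy_hash, None))
        # Hash and compare even for unknown users, in constant time.
        matches = hmac.compare_digest(_hash(password, salt), stored)
        if name not in self.users:
            return self._fail(FailReason.UNKNOWN_USER, name)
        if not matches:
            return self._fail(FailReason.INVALID_PASSWORD, name)
        if expires_at is not None and now >= expires_at:
            return self._fail(FailReason.USER_EXPIRED, name)
        return {"status": 200, "user": name}

def demo():
    audit = []                               # constructed sample data below
    srv = AuthServer(lambda reason, name: audit.append((name, reason)))
    srv.add_user("alice", "s3cret")
    srv.add_user("bob", "hunter2", expires_at=100.0)
    tries = [("mallory", "x"), ("alice", "wrong"), ("bob", "hunter2")]
    replies = [srv.login(n, p, now=200.0) for n, p in tries]
    return replies, audit, srv.login("alice", "s3cret", now=200.0)
```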
