Error message when login fails

Go to solution
Patrick Schulte
Kilo Guru

‎05-04-2014 11:08 AM

Hello everyone,

 

we are using the predefined "Login" dynamic content block and modyfied the layout to meet our needs.
Everything works out fine but I would like to know which script service now is using to verify the users credentials.
Usecase: For better usability I would like to split up the current error message if either the username is wrong and/or the password.
Current message: User name or password invalid.

That's not really specific....

 

I found the "PortletLogin" in Script Includes but that doesn't seem to be the right one. Any ideas?

 

Best regards,

Patrick

0 Helpfuls
  • 3,194 Views
1 ACCEPTED SOLUTION

Go to solution
marcia_jones
Mega Contributor

‎06-11-2014 11:58 AM


Hi Patrick,



I would recommend that you leave the message as it.   As an IS Auditor, from a security perspective, generic is better.   You do NOT want to tell a hacker which part of the login process they have right or wrong.



My two cents.



Marcia,


CISA


View solution in original post

0 Helpfuls
7 REPLIES 7

Go to solution
yvan
Tera Contributor
In response to marcia_jones

‎04-29-2016 12:04 PM

But lets say you wanted edit it anyway, where would you do that? To advise the use that their account is locked now due to too many failed login attempts, for example.


0 Helpfuls

Go to solution
vampyre82nd
Giga Expert
In response to yvan

‎02-02-2017 01:04 PM

Yvan,



The answer to your Question is



Specify lockout for failed login attempts



  • SNC User Lockout Check: Tracks the number of failed login attempts and locks the user account after a specified number of failed login attempts (default: 5).

//


// Check to see if the user has failed to login too many times


// when the limit is reached, lock the user out of the system


//


var gr = new GlideRecord("sys_user");


gr.addQuery("user_name", event.parm1.toString());


gr.query();


if (gr.next()) {


      gr.failed_attempts += 1;


      if (gr.failed_attempts > 2) {


            gr.locked_out = true;


            gr.update();


            gs.log("User " + event.parm1 + " locked out due to too many invalid login attempts");


    } else {


            gr.update();            


    }


}



Go to solution
Arun101
Kilo Contributor

‎01-22-2020 10:26 PM

I still haven't found the answer though. I have so many script includes. 

For eg. I have "BasicAuth" script include and trying to call it using URL(view_form.login). Basically how an angular post menthod from client script is connected to script include or how a client script is calling script include. Can anyone answer please?

0 Helpfuls