No! I cannot! I will not! You can't make me!!!!1!

[spudtater]

Excerpt from the assignment given as part of the "server-side programming" module:

If the username and password are not correct, open a window, displaying “The login failed!”. Also display whether username or password is incorrect.

To all non-programmers on my friends list: can you figure out why this would be a bad and wrong thing to do?   8^]

Comments

[zombywuf.livejournal.com]

Although this is often viewed as bad usernames are usually so widely exposed (email addresses, "the username is already taken", etc...) that it's not a huge risk. Of course if the system ever tells you you got the password right but not the username it's very bad and wrong. I think there was a dailwtf where the system showed an error if you signed up with the same password as someone else.

[spudtater.livejournal.com]

I interpreted the sentence as meaning "if the user has the correct password, but not username, then tell him so". But on re-reading I can see that it does leave itself open to other interpretations.

A system which says one of "username does not exist" or "password incorrect" (as I believe Livejournal will do) is fine, and in fact is what I'll probably actually implement for the assignment.