Hello, great product. I'm using MySQL for the DB. All is working well. However, when a user enters the wrong user name or password or a combination of the two in the login.aspx page:
the following error message pops up "An error occurred: The given key was not present in the dictionary."
Is there a way to change this pop up message or to re-direct the user to another page for a more meaningful message?
Additionally, upon this error message, is there a way to force the password field to be cleared automatically?
If there is no way to currently address either of these two questions, please put the feature requests with your customer wish list for future release.
Thank you.
Shannon
6/30/2008 11:18 PM
Hi Shannon,
Thank you for reporting the problem. There was a code typo in v3.2 which broke the meaningfull message that was already displayed in previous versions.
I have sent you the fix via email. You will now receive "Invalid user or password" error message again as in previous versions. However if invalid logins reach the "maximum invalid login attempts" limit (5 by default) then you will receive the "too many invalid login attempts" error message (new feature in v3.2).
The password field is not cleared because the exact reason of the invalid login should not be mentioned for security reasons. Doing so would inform an intruder that he at least found out an existing username and he could try several passwords for that user.
Cem Alacayir
7/2/2008 7:10 PM
FYI, this fix is included in v3.2.2.
Cem Alacayir
7/3/2008 8:13 PM
Thanks for the outstanding response and fix to my issue. I installed the fix and everything is working perfectly.
The static password field makes perfect sense and I should have considered this and other security issues before posting my question.
Once again, thank you.
Shannon
7/4/2008 3:15 AM