Comment: Published by Scroll Versions from space IDS and version 8.2

By default, the template messages expose information to the end user regarding the existence and validity of a user account, as well as other status information. The default messages make initial system familiarization and testing easier. Depending on the production deployment environment and the security policy in place, the exposure of this extra information can be limited simply by modifying the error messages. Returning the same generic message for every authentication failure prevents brute-force style attacks that probe the login for valid user accounts (account enumeration), at the expense of user friendliness.

Example system default messages in custom/messages/errors.properties:

USER_NOT_FOUND = The user was not found
USER_NOT_IDENTIFIED = Cannot identify user
ACCOUNT_DISABLED = The user account is disabled
ACCOUNT_LOCKED = The user account is locked
ACCOUNT_INVALID = The user account is invalid
ACCOUNT_EXPIRED = The user account has expired
INVALID_CREDENTIALS = Invalid credentials


Example customized messages in custom/messages/errors.properties:

USER_NOT_FOUND = The provided credentials are invalid.
USER_NOT_IDENTIFIED = The provided credentials are invalid.
ACCOUNT_DISABLED = The provided credentials are invalid.
ACCOUNT_LOCKED = The provided credentials are invalid.
ACCOUNT_INVALID = The provided credentials are invalid.
ACCOUNT_EXPIRED = The provided credentials are invalid.
INVALID_CREDENTIALS = The provided credentials are invalid.

...

For user support, an error code number can be appended to the end of each localized message so that support staff can quickly identify the error situation. Below, the same message in two languages carries the same error code, so support staff can identify the error in a multi-language user environment without reading the localized text.

ACCOUNT_LOCKED = The provided credentials are invalid. [ERR0001]
ACCOUNT_LOCKED = Tunnistustiedot olivat väärät. [ERR0001]

...
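The following script is an added example (not part of this page or of the product's own tooling) of how a deployment could audit its customized errors.properties files before release. It parses the properties files, checks that the account-status messages listed on this page all render the same user-visible text once the bracketed error code is stripped, reports whether the error codes themselves differ between those keys (if the text is uniform but each state carries a different code, the code alone still tells a caller which state applied, so that trade-off should be a deliberate choice), and checks that each key carries the same code across locale files so the language-independent support lookup described above actually holds. The file contents are constructed samples modelled on the page's listings; the Finnish file name and the two extra codes ERR0002 and ERR0003 are assumptions for the demonstration.

```python
import re

# Keys whose messages, taken together, reveal whether an account exists or
# what state it is in. Taken from the default messages shown on the page.
ACCOUNT_STATUS_KEYS = (
    "USER_NOT_FOUND", "USER_NOT_IDENTIFIED", "ACCOUNT_DISABLED",
    "ACCOUNT_LOCKED", "ACCOUNT_INVALID", "ACCOUNT_EXPIRED",
    "INVALID_CREDENTIALS",
)

# Error code suffix in the form shown on the page, e.g. "[ERR0001]".
CODE_RE = re.compile(r"\s*\[(ERR\d{4})\]\s*$")

# Constructed sample inputs (not real deployment files).
DEFAULT_MESSAGES = """\
USER_NOT_FOUND = The user was not found
USER_NOT_IDENTIFIED = Cannot identify user
ACCOUNT_DISABLED = The user account is disabled
ACCOUNT_LOCKED = The user account is locked
ACCOUNT_INVALID = The user account is invalid
ACCOUNT_EXPIRED = The user account has expired
INVALID_CREDENTIALS = Invalid credentials
"""

CUSTOM_EN = """\
# constructed sample: custom/messages/errors.properties
USER_NOT_FOUND = The provided credentials are invalid. [ERR0001]
USER_NOT_IDENTIFIED = The provided credentials are invalid. [ERR0001]
ACCOUNT_DISABLED = The provided credentials are invalid. [ERR0001]
ACCOUNT_LOCKED = The provided credentials are invalid. [ERR0002]
ACCOUNT_INVALID = The provided credentials are invalid. [ERR0001]
ACCOUNT_EXPIRED = The provided credentials are invalid. [ERR0001]
INVALID_CREDENTIALS = The provided credentials are invalid. [ERR0001]
"""

CUSTOM_FI = """\
# constructed sample: Finnish counterpart (file name errors_fi.properties is assumed)
USER_NOT_FOUND = Tunnistustiedot olivat väärät. [ERR0001]
ACCOUNT_LOCKED = Tunnistustiedot olivat väärät. [ERR0002]
INVALID_CREDENTIALS = Tunnistustiedot olivat väärät. [ERR0003]
"""


def parse_properties(text):
    """Parse the subset of Java .properties syntax used here: 'key = value' or
    'key=value' lines, '#'/'!' comments, blank lines and backslash line
    continuations. Returns a dict of key -> value in file order."""
    props = {}
    pending = ""
    for raw in text.splitlines():
        line = pending + raw.lstrip() if pending else raw.strip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        if line.endswith("\\") and not line.endswith("\\\\"):
            pending = line[:-1]  # value continues on the next line
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def split_code(message):
    """Split 'text [ERR0001]' into ('text', 'ERR0001'); code is None if absent."""
    m = CODE_RE.search(message)
    if not m:
        return message.strip(), None
    return message[:m.start()].strip(), m.group(1)


def status_leaks(props, keys=ACCOUNT_STATUS_KEYS):
    """Distinct user-visible texts (error code stripped) among the account-status
    keys. More than one distinct text means the messages still reveal account
    state. Keys missing from the file are ignored."""
    return sorted({split_code(props[k])[0] for k in keys if k in props})


def code_leaks(props, keys=ACCOUNT_STATUS_KEYS):
    """Distinct error codes among the account-status keys. If the texts are
    uniform but the codes differ, the code suffix alone distinguishes the
    states, so the information has moved rather than disappeared."""
    codes = {split_code(props[k])[1] for k in keys if k in props}
    return sorted(c for c in codes if c is not None)


def cross_locale_mismatches(locales):
    """locales: dict of locale name -> parsed properties. Returns the keys whose
    error code differs between locale files, which would break the
    language-independent support lookup the page describes."""
    all_keys = set().union(*(p.keys() for p in locales.values()))
    mismatched = []
    for key in sorted(all_keys):
        codes = {split_code(p[key])[1] for p in locales.values() if key in p}
        if len(codes) > 1:
            mismatched.append(key)
    return mismatched


def audit(en_text, fi_text):
    """Run all three checks over an English and a Finnish properties file."""
    en, fi = parse_properties(en_text), parse_properties(fi_text)
    return {
        "distinct_texts": status_leaks(en),
        "distinct_codes": code_leaks(en),
        "locale_mismatches": cross_locale_mismatches({"en": en, "fi": fi}),
    }


if __name__ == "__main__":
    print("default texts:", status_leaks(parse_properties(DEFAULT_MESSAGES)))
    for name, result in audit(CUSTOM_EN, CUSTOM_FI).items():
        print(f"{name}: {result}")
```

Run against the default messages the script reports seven distinct texts; against the customized sample it reports a single text, two distinct codes (ACCOUNT_LOCKED is the odd one out), and INVALID_CREDENTIALS as the key whose code disagrees between the two locale files.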