WebAppSec/Secure Coding Guidelines: Difference between revisions

We do not want to provide any information that would allow an attacker to determine whether an entered username or email address is valid. Otherwise an attacker could enumerate valid accounts to target with phishing or brute-force attacks.
=== Email Change and Verification Functions ===
Email verification links should not provide the user with an authenticated session.
Email verification codes must expire after 8 hours.
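The following is an added illustration of the three rules above (no account enumeration, verification links that do not log the user in, and an 8-hour expiry); it is example code written for this page, not part of the Mozilla guidelines. The class, method and constant names, the in-memory token store and the account table are assumptions made for the example; a real service would persist the hashed tokens in its database.

```python
import hashlib
import secrets
from datetime import datetime, timedelta, timezone

# Expiry required by the guideline above.
VERIFICATION_TTL = timedelta(hours=8)

# Returned whether or not the address is registered, so the endpoint
# cannot be used to enumerate accounts.
GENERIC_RESPONSE = "If that address is registered, a verification email has been sent."


def _hash_token(token: str) -> str:
    # Only the hash is stored, so a leaked table does not hand out live links.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class FakeClock:
    """Deterministic clock so expiry can be exercised without waiting 8 hours."""

    def __init__(self, start: datetime = None):
        self.now = start or datetime(2024, 1, 1, tzinfo=timezone.utc)

    def advance(self, **kwargs):
        self.now += timedelta(**kwargs)

    def __call__(self) -> datetime:
        return self.now


class EmailVerifier:
    """Issues and redeems single-use, time-limited email verification codes.

    `accounts` maps registered email -> user_id (a stand-in for the user table,
    assumed for this example). `now` is a callable returning an aware datetime.
    """

    def __init__(self, accounts: dict, now=None):
        self._accounts = accounts
        self._now = now or (lambda: datetime.now(timezone.utc))
        self._pending = {}  # token hash -> (user_id, email, expires_at)
        self.outbox = []    # (email, token) pairs that would be emailed

    def request_verification(self, email: str) -> str:
        user_id = self._accounts.get(email)
        if user_id is not None:
            # 256 bits from the OS CSPRNG: not guessable within the 8-hour window.
            token = secrets.token_urlsafe(32)
            expires_at = self._now() + VERIFICATION_TTL
            self._pending[_hash_token(token)] = (user_id, email, expires_at)
            self.outbox.append((email, token))
        # Identical message (and, in a real handler, identical status code)
        # whether or not the account exists.
        return GENERIC_RESPONSE

    def redeem(self, token: str):
        """Return (user_id, email) to mark as verified, or None if invalid.

        Deliberately does NOT create a session: the caller marks the address
        verified and then sends the user through the normal login flow.
        """
        record = self._pending.pop(_hash_token(token), None)  # single use
        if record is None:
            return None
        user_id, email, expires_at = record
        if self._now() > expires_at:
            return None  # expired: the user must request a new code
        return user_id, email


if __name__ == "__main__":
    clock = FakeClock()
    verifier = EmailVerifier({"alice@example.com": 1}, now=clock)
    print(verifier.request_verification("alice@example.com"))
    print(verifier.request_verification("nobody@example.com"))  # same text
    token = verifier.outbox[0][1]
    print(verifier.redeem(token))   # (1, 'alice@example.com')
    print(verifier.redeem(token))   # None: already used
    verifier.request_verification("alice@example.com")
    clock.advance(hours=8, seconds=1)
    print(verifier.redeem(verifier.outbox[1][1]))  # None: expired
```

Note that an identical response body is necessary but not sufficient against enumeration: if the branch that generates a token and sends mail runs only for registered addresses, response latency can still differ. In a real handler, queue the email send asynchronously so both paths return in comparable time, and rate-limit the endpoint.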


===Password Storage===