Re: bug reporting + imagetext security login; Re: Login error/refusal TW1.9.5
> ...
> But I don't know where to report it (except on this forum); don't know the technical language to report either, etc.?
Bringing it to people's attention here in the forums is a good start. ;-)
> Meanwhile, it's not that important, beacuse its only meant as an extra security.
> Isn't it possible to have another security to combat hackers, trying to break passwords?
I suspect there are other parts of Tiki (and most web programs) that are more susceptible to vulnerabilities than the login form.
> See: login E107 program test
> "Please enter text in image"; thought with TW it's only possible on registering, not on loggin-in?
Because when registering, any username and password can be entered; there's no "right" username/password needed for a new registration. In this situation, "Please enter text in image" (aka CAPTCHA) is a way to prevent scripts, spambots, etc. — that is, nonhuman agents — from registering (or from posting comments, if anonymous posting is allowed) at the site.
But to log in as a registered user, there is a "right" set of information that must be entered. This makes the "text in image" redundant or at best only useful in the case of a scripted brute force attempt. Apparently these haven't been a problem for Tiki login security.
-- Gary
;){kind=link}
;){kind=link}