当用户名错误时,为什么 GetErrorMessage 返回“密码错误”?
GetErrorMessage (来自 CInternetException)给了我以下:
FTP 服务器名称不正确:
“错误!无法解析服务器名称或地址”
密码不正确:
错误!密码不被允许
用户名不正确:
错误! 密码不允许 <-----?用户名不正确时没有单独的消息吗?这是故意的吗?
try
{
pConnect = sess->GetFtpConnection(host, userName, password, port, FALSE );
}
catch (CInternetException* pEx) //incorrect user name displays incorrect password?
{
TCHAR sz[1024];
pEx->GetErrorMessage(sz, 1024);
printf("ERROR! %s\n", sz);
pEx->Delete();
}
GetErrorMessage (from CInternetException) gives me the following:
With the incorrect ftp server name:
"ERROR! The server name or address could not be resolved"
With the incorrect password:
ERROR! The password was not allowed
With the incorrect user name:
ERROR! The password was not allowed <-----? NO separate message for incorrect username? Is this intended?
try
{
pConnect = sess->GetFtpConnection(host, userName, password, port, FALSE );
}
catch (CInternetException* pEx) //incorrect user name displays incorrect password?
{
TCHAR sz[1024];
pEx->GetErrorMessage(sz, 1024);
printf("ERROR! %s\n", sz);
pEx->Delete();
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
是的,这是有意的。典型的 FTP 服务器不会区分无效密码和无效用户名。这是出于安全原因,因此攻击者无法通过暴力方式发现有效的用户名。
Yes that is intended. A typical FTP server will not distinguish between an invalid password and an invalid username. This is for security reasons, so e.g. attackers can't brute force their way to discover valid usernames.