Details
-
Improvement
-
Status: Closed
-
High
-
Resolution: Fixed
-
None
-
None
Description
- do not mention the version at the login page. This gives hackers more information about vulnerabilities. Instead show versio nr inside the CMS (not too deep please - e.g. not system/admin page)
- do not show message that a user is already logged in and will be logged out. This provides information about valid user names. Instead when clicking OK ask for conformation to proceed if user is already logged in and passed in credentials are valid.
- add metatag like <META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW"> (to be verified) to the login page so robots won't pick it up.
Attachments
There are no Sub-Tasks for this issue.