----- Original Message ----- > I see you have different error messages during login for: > > > invalid email address > > user does not exist > > invalid password > > > > It might be better to return the same message for all so the hostile > hacker can't learn as much about your users.
Good point. I'd suggest - ERR XXX Login invalid to stdout and detailed info to syslog Solt
