A minor improvement in Ruby on Rails Authlogic (06 dec 12)
Used carelessly, Authlogic's user_sessions_controller might give too much away. If a user fails to log in (action user_sessions_controller.create) and displays the errors in @user_sesssion, it might say 'password incorrect' or 'email incorrect' - this gives too many clues to a cracker *. I made the code in 'create' give a more generic message:
# This used to say errs = @user_session.errors.full_messages.join( ' ' )
* 'Cracker' is the correct term for what the media calls a 'hacker'. A hacker is just a programmer.