Opened 3 years ago

Last modified 3 years ago

#16831 new enhancement

print policy-violation instead of useless error message

Reported by: stefan Owned by: deryni
Milestone: Component: XMPP
Version: 2.10.11 Keywords: user experience, xmpp, error message, policy violation


while trying to add an existing xmpp account, i happened to try the password multple times. resulting in an obvious policy violation.

however, pidgin doesn't display a useful error message, it just states that there was a policy violation, which isn't very helpful.

i had to use xmpp console, to see which policy i violated:

<error xmlns=''>
	<policy-violation xmlns='urn:ietf:params:xml:ns:xmpp-streams'/>
	<text xmlns='urn:ietf:params:xml:ns:xmpp-streams' lang=''>Too many (6) failed authentications from this IP address (::FFFF:x.y.z.1). The address will be unblocked at 08:47:59 25.12.2015 UTC</text>

from a UX and security perspective it would make more sense to display the second message (even when it's not translated), since users may tend to try out different connection options first, which is a potential security risk (eg. no tls connection + allow plain text auth over unencrypted streams).

Change History (1)

comment:1 Changed 3 years ago by stefan

it seems to be reporting a misleading error message too: "You require encryption, but it is not available on this server."

Note: See TracTickets for help on using tickets.
All information, including names and email addresses, entered onto this website or sent to mailing lists affiliated with this website will be public. Do not post confidential information, especially passwords!