Hi, I was wondering if there was any way to change the login error message
when a user tries to log in with a correct username but incorrect password
to be the same as the error given when they try to log in with an incorrect
password? I dont want a potential attacker to be able to know if a username
is valid or not.
Cheers
Keir