As a Inactive user role if i login with Mendix login screen Its giving error like Username and password is incorrect but correct behaviour is like it should say Your account is not active
Steps : 1] From Administration screen created one X user and made active. 2] I was able to login with X user when it is active Now I once again logged in as Admin , I intentionally did inactive the user X 1] Now iam trying to login by user x it giving me error saying your account name or password is wrong but it should say like '’Account is inactive '’ If anyone has an idea to show the "Account is inactive ” message .
You could create your own login page and display more detailed error messages. However, it is an accepted practice to show a user as few details as possible when authentication fails, so that an attacker of your system can’t get the information either:
If it says: user does not exist, an attacker knows he should try a different user name
If it says: password is incorrect, the attacker now knows that the account exists
If it says: your account is disabled, the attacker now knows that the account exists and that the password is correct
By having a generic message, the attacker learns nothing.