Detailed Authentication Errors
By default, Planka uses generic authentication error messages to avoid revealing sensitive information to potential attackers.
Enable Detailed Error Messages
To aid in debugging or improve user experience, you can enable more specific error messages, such as:
- "Invalid email or username"
- "Invalid password"
Set the following environment variable in your .env file or Docker environment:
SHOW_DETAILED_AUTH_ERRORS=true
After setting this, restart the application for the change to take effect.
Security Warning
Do not enable detailed authentication errors in production without proper protections.
Detailed error messages reveal whether an account exists, which can help attackers perform brute-force or enumeration attacks.
You should:
- Enable rate limiting
- Use Fail2Ban or a similar tool
- Monitor logs for unusual login activity
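One way to act on the log-monitoring point, as an added example that is not part of Planka or its documentation: a Python script that uses the two detailed messages above to tell account enumeration apart from password guessing in failed-login records. The log line format, the `classify` function and its thresholds are assumptions, and the sample records are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
# Assumed log format, constructed for this example (not Planka's own output).
LINE_RE = re.compile(r'^(?P<ts>\S+) auth_failure ip=(?P<ip>\S+) '
                     r'user=(?P<user>\S+) reason="(?P<reason>[^"]+)"$')
UNKNOWN_USER, BAD_PASSWORD = "Invalid email or username", "Invalid password"

def classify(lines, window_s=60, threshold=3):
    """Map source IP -> set of findings; lines must be in time order."""
    unknown = defaultdict(deque)   # ip -> (time, identifier) of unknown-account failures
    wrong_pw = defaultdict(deque)  # (ip, user) -> times of wrong-password failures
    findings = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an authentication failure record
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00")).timestamp()
        ip, user, reason = m["ip"], m["user"], m["reason"]
        if reason == UNKNOWN_USER:
            q = unknown[ip]
            q.append((ts, user))
            while ts - q[0][0] > window_s:
                q.popleft()
            # Many distinct unknown identifiers from one source: account probing.
            if len({u for _, u in q}) >= threshold:
                findings[ip].add("enumeration")
        elif reason == BAD_PASSWORD:
            q = wrong_pw[(ip, user)]
            q.append(ts)
            while ts - q[0] > window_s:
                q.popleft()
            # Repeated wrong passwords for one known account: password guessing.
            if len(q) >= threshold:
                findings[ip].add("brute-force")
    return dict(findings)

# Constructed sample records (documentation IP ranges, made-up accounts).
SAMPLE = """\
2024-05-01T10:00:01Z auth_failure ip=203.0.113.7 user=alice reason="Invalid email or username"
2024-05-01T10:00:03Z auth_failure ip=203.0.113.7 user=bob reason="Invalid email or username"
2024-05-01T10:00:05Z auth_failure ip=203.0.113.7 user=carol reason="Invalid email or username"
2024-05-01T10:00:10Z auth_failure ip=198.51.100.4 user=admin reason="Invalid password"
2024-05-01T10:00:12Z auth_failure ip=198.51.100.4 user=admin reason="Invalid password"
2024-05-01T10:00:14Z auth_failure ip=198.51.100.4 user=admin reason="Invalid password"
2024-05-01T10:05:00Z auth_failure ip=192.0.2.9 user=dave reason="Invalid password"
""".splitlines()
if __name__ == "__main__":
    print(classify(SAMPLE))
```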
Further Reading
For more insights on secure authentication practices, see: OWASP Authentication Cheat Sheet.