Login Endpoint Security Review
Have the model review common security flaws in login endpoints.
Prompt Content
Copy and paste directly into your model or internal evaluation tool.
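A login endpoint returns two different errors, "user does not exist" and "wrong password", and locks the account only after 10 failed attempts. List the risks from an attacker's perspective, then propose improvements that do not degrade the user experience.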
Reference Output
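Risks include user enumeration, credential stuffing, and lockout abuse. Improvements include uniform error messages, progressive rate limiting, risk-based verification, auditing, and alerting.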
Scoring Rubric
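The key criterion is whether the answer considers both security and user experience, rather than only mentioning uniform error messages.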