On Aug 24, 2009, at 8:18 AM, Adrian Howard wrote:
On 24 Aug 2009, at 05:27, Corn Walker wrote:
[snip]
One way to address this without compromising security is to send an
email with the error report to the non-registered address instead
of displaying the error on the web page. In this way the user still
receives valuable feedback (with a link back to site registration
if appropriate) while automated bots are unable to ascertain
whether the address was valid or not.
[snip]
The case where this falls down for the customer is if they mistype
the e-mail address rather than giving the incorrect one... but I
agree it is one solution.
Sorry for coming back to this late...
The web page might display "A message was sent to your email address: [email protected]
. Didn't receive it?" which would prompt the user to check their email
for the lost password and, if they entered an incorrect email address,
prompt a revisit to the site to try again.
Cheers,
-corn
Corn Walker
The Proof Group
http://proofgroup.com/
________________________________________________________________
Welcome to the Interaction Design Association (IxDA)!
To post to this list ....... [email protected]
Unsubscribe ................ http://www.ixda.org/unsubscribe
List Guidelines ............ http://www.ixda.org/guidelines
List Help .................. http://www.ixda.org/help
