The canonical way of handling this so as not to leak information like that is 
to do exactly the same thing UX-wise for success and failures, and just update 
the message to state that if an email address by that account has been 
registered they will get an email soon. 


On Friday, November 2, 2012 at 9:18 PM, Russell Keith-Magee wrote:

> Hi Lee,
> 
> What you propose certainly sounds reasonable -- anything that reduces the 
> exposure of valid accounts to an external source is a good thing, IMHO. 
> 
> Did you have an alternative wording to suggest? If you do, please open a 
> ticket. 
> 
> Yours,
> Russ Magee %-)
> 
> On Fri, Nov 2, 2012 at 9:42 PM, Lee Trout <leetr...@gmail.com> wrote:
> > Hi all,
> > 
> > I wasn't sure if it was best to open a ticket or post to the dev group so 
> > here I am... 
> > 
> > I was curious what others thought about changing the default error in the 
> > PasswordResetForm which currently displays "That e-mail address doesn't 
> > have an associated user account. Are you sure you've registered?". 
> > 
> > I feel like there could be a better default that doesn't expose the fact 
> > that an email may or may not be in use. (And that probably goes for the 
> > unusable password error, too.)
> > 
> > Relevant bits:
> > https://github.com/django/django/blob/stable/1.4.x/django/contrib/auth/forms.py#L191
> > 
> > Lee 
> > 
> > -- 
> > You received this message because you are subscribed to the Google Groups 
> > "Django developers" group.
> > To view this discussion on the web visit 
> > https://groups.google.com/d/msg/django-developers/-/9EylAZDthMsJ.
> > To post to this group, send email to django-developers@googlegroups.com 
> > (mailto:django-developers@googlegroups.com).
> > To unsubscribe from this group, send email to 
> > django-developers+unsubscr...@googlegroups.com 
> > (mailto:django-developers%2bunsubscr...@googlegroups.com).
> > For more options, visit this group at 
> > http://groups.google.com/group/django-developers?hl=en.
> 

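
The approach described at the top of this thread, as an added example that is not part of the original messages and is not Django's code: a reset handler whose response depends on account state next to one that answers identically in every case. The user table, the handler names, the unusable-password wording and the `distinct_responses` check are assumptions made for illustration.

```python
import secrets

# Constructed sample data: email -> account has a usable password.
USERS = {"alice@example.com": True, "sso-only@example.com": False}
OUTBOX = []  # stands in for the mail backend

# Wording quoted in the thread as the current default error.
NOT_FOUND = ("That e-mail address doesn't have an associated user account. "
             "Are you sure you've registered?")
# Constructed wording for the unusable-password case.
UNUSABLE = "This account cannot reset its password."
GENERIC = ("If an account is registered for that address, "
           "you will receive an email soon.")


def reset_leaky(email):
    """Before: the response differs by account state."""
    if email not in USERS:
        return {"ok": False, "message": NOT_FOUND}
    if not USERS[email]:
        return {"ok": False, "message": UNUSABLE}
    OUTBOX.append((email, secrets.token_urlsafe(32)))  # placeholder token
    return {"ok": True, "message": "Reset email sent."}


def reset_uniform(email):
    """After: identical response for every outcome; mail only when valid."""
    if USERS.get(email, False):
        OUTBOX.append((email, secrets.token_urlsafe(32)))  # placeholder token
    return {"ok": True, "message": GENERIC}


def distinct_responses(handler, emails):
    """Count distinct responses; more than one means the form leaks state."""
    return len({tuple(sorted(handler(e).items())) for e in emails})


# Constructed probe set: valid, unusable-password and unregistered addresses.
PROBES = ["alice@example.com", "sso-only@example.com", "nobody@example.com"]

if __name__ == "__main__":
    print("leaky:", distinct_responses(reset_leaky, PROBES))
    print("uniform:", distinct_responses(reset_uniform, PROBES))
```

A check like `distinct_responses` fits in a regression test so that a later wording change cannot reintroduce a response that differs by account state.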