Bryan Richter wrote on 04 June 2016 03:47:
There are two situations where I'm not sure what the best action is.

IMO, the best solution (in both cases) is to *not* reveal that the user has (or hasn’t) an account. If I’m trying to be anonymous, I don’t want people to be able to find out whether I have an account at Snowdrift.coop. And if the user tries to create an account that already exists, *do* supply a ‘reset password’ link in the e-mail that is sent (but don’t automatically reset the password).

See also http://security.stackexchange.com/a/90354

--
Karl Ove Hufthammer
_______________________________________________
Discuss mailing list
Discuss@lists.snowdrift.coop
https://lists.snowdrift.coop/mailman/listinfo/discuss
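
The sign-up behaviour suggested in the message above, as an added example that is not part of the original e-mail or of Snowdrift.coop's code. `AccountService`, the `/reset/` and `/confirm/` paths, the reply text and the in-memory stores are hypothetical; token expiry and rate limiting are left out.

```python
import hashlib
import secrets

GENERIC_REPLY = "Check your e-mail to continue."  # same text for every outcome


class AccountService:
    def __init__(self):
        self.accounts = {}  # email -> password hash (hashing is done by the caller)
        self.pending = {}   # sha256(token) -> (kind, email)
        self.outbox = []    # (recipient, body); stands in for a mail queue

    def _issue(self, kind, email):
        # Random single-use token; only its hash is kept server-side.
        token = secrets.token_urlsafe(32)
        self.pending[hashlib.sha256(token.encode()).hexdigest()] = (kind, email)
        return token

    def register(self, email):
        email = email.strip().lower()
        # Both branches do the same work (one token, one queued mail), so
        # neither the response body nor its cost reveals account state.
        if email in self.accounts:
            # Existing account: offer a reset link, leave the password untouched.
            token = self._issue("reset", email)
            body = ("Someone tried to sign up with this address, which already "
                    f"has an account. Forgot your password? /reset/{token}")
        else:
            token = self._issue("confirm", email)
            body = f"Confirm your new account: /confirm/{token}"
        self.outbox.append((email, body))
        return GENERIC_REPLY

    def redeem(self, token, new_password_hash):
        # Only following a mailed link creates or changes a credential.
        entry = self.pending.pop(hashlib.sha256(token.encode()).hexdigest(), None)
        if entry is None:
            return False
        _kind, email = entry
        self.accounts[email] = new_password_hash
        return True
```

Only the mailbox owner can tell the two cases apart, because the difference exists solely in the e-mail body.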