Re: Updating default errors in contrib.auth.forms.PasswordResetForm

2012-11-02 Thread Donald Stufft
The canonical way of handling this so as not to leak information like that is to do exactly the same thing UX-wise for success and failures, and just update the message to state that if an email address by that account has been registered they will get an email soon.

On Friday, November 2, 20

Re: Updating default errors in contrib.auth.forms.PasswordResetForm

2012-11-02 Thread Russell Keith-Magee
Hi Lee,

What you propose certainly sounds reasonable -- anything that reduces the exposure of valid accounts to an external source is a good thing, IMHO. Did you have an alternative wording to suggest? If you do, please open a ticket.

Yours,
Russ Magee %-)

On Fri, Nov 2, 2012 at 9:42 PM, Lee Tr

Updating default errors in contrib.auth.forms.PasswordResetForm

2012-11-02 Thread Lee Trout
Hi all,

I wasn't sure if it was best to open a ticket or post to the dev group so here I am... I was curious what others thought about changing the default error in the PasswordResetForm which currently displays "That e-mail address doesn't have an associated user account. Are you sure you've