#53374 closed enhancement (duplicate)
Log in process reveals if an email address exists in the database
Reported by: | henry.wright | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | Login and Registration | Keywords: | |
Focuses: | Cc: |
Description
If an email address doesn't exist, this message is given when log in is attempted:
Unknown email address. Check again or try your username.
This, although debatable, isn't good practice.
Change History (2)
Note: See
TracTickets for help on using
tickets.
As mentioned on #53373, This is by design. There is a balance to be made between security and user-friendliness.
The decision to leave this alone has been made many many times as shown in the following tickets (if not others).
Related, duplicate: #3708, #4290, #5301, #12129, #22421, #31787, #45318