Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I'd prefer to not create brute force vulnerability that leaks the site's list of user email addresses to an attacker.


As the article points out, this leaks it no more than trying to register an email address.


Which can be prevented by sending an confirmation email at a signup, no matter if a new account or an existing one.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: