mirror of https://gitlab.com/tildes/tildes.git
Browse Source
I get a fair number of "forgot password" emails where the person is actually trying to log in with the wrong username. Normally, a login system shouldn't display whether the username or password was the incorrect part, but since it's already public information which usernames exist on Tildes (simply by visiting /user/<username>), this really isn't meaningfully hiding anything. It would only have any effect on the most absolutely naive attackers. I think it's an acceptable trade-off to help out people that are inadvertently trying to log in with the wrong username instead.merge-requests/110/head
Deimos
5 years ago
1 changed files with 25 additions and 4 deletions
Loading…
Reference in new issue