user register with duplicate email, you can add a specific message #658
Comments
|
My thoughts: This would confirm to a potential hacker that the email address does exist which is generally frowned upon. https://www.owasp.org/index.php/Authentication_Cheat_Sheet#Authentication_and_Error_Messages Maybe its possible to provide a token that can be overridden if this is the desired behaviour? |
|
I think usability comes first. |
|
This is perhaps an opportunity to get the best of both, a configurable setting that controls the verbosity of feedback messages would be a really nice feature. The tokenized strings containing the sort of feedback you are looking for is already in the exceptions thrown by the validate method of RegisterBehaviour.
In an ideal world I would agree, usability is king :) but where I work though my head would be on a stick for suggesting that :) |
Hi,
if you try make a registration with an email already used, you receive the generic message (the user could not be saved).
Is it posibile add a specific message for this exception?
Ex: this email is already associated with another user.
Thanks a lot
D.
The text was updated successfully, but these errors were encountered: