[Security concern] Don't show if a username exists
Hi,
Writer
Get Started. Write Away!
It would be much better from a security perspective if you won't show if a username doesn't exist. By confirming that an account does not exist, it is implied that when the message is not shown the account, does exist. This creates opportunities for hackers to brute force and find all possible e-mail-addresses that exist on the Zoho servers.
It is unnecessary to show if an account exists or not. Just show a message; unknown e-mail address and/or password like all other main websites do.. for a good reason.
Thank you,
Mark
Access your files securely from anywhere
Zoho Developer Community
New to Zoho LandingPage?
Zoho LandingPage Resources
New to Zoho Survey?
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Bigin?
Topic Participants
Mark Engelhart
meltingpot2015
New to Zoho TeamInbox?
Zoho TeamInbox Resources
Zoho DataPrep Resources
Zoho CRM Plus Resources
Zoho Books Resources
Zoho Subscriptions Resources
Zoho Projects Resources
Zoho Sprints Resources
Qntrl Resources
Zoho Creator Resources
Zoho Campaigns Resources
Zoho CRM Resources
Design. Discuss. Deliver.
Zoho Show Resources
Get Started. Write Away!
Writer is a powerful online word processor, designed for collaborative work.
Zoho CRM コンテンツ
-
オンラインヘルプ
-
Webセミナー
-
機能活用動画
-
よくある質問
-
Ebook
-
-
Zoho Campaigns
- Zoho サービスのWebセミナー