Perhaps a bug, perhaps a feature. You’d have to check with the BZ devs. I’ve seen some site security recommendations to NOT show a different message.
Personally, I doubt it really discourages hackers or makes their task harder and it just frustrates a user who isn’t sure what address he/she signed up with. Regards, Adrien > On May 15, 2018, at 3:55 PM, Frank H. Ellenberger > <frank.h.ellenber...@gmail.com> wrote: > > At first, IMHO there is a bg in bugzilla: > "A token for changing your password has been emailed to > frank.h.ellenber...@gmail.com. Follow the instructions in that email to > change your password." > But there is no email. If the user is not in the database the message > should be different. > Or an email should be sent "Sorry, I don't know you..." > > Creating a new account with a different address works. Email gets sent. > > Am 15.05.2018 um 20:35 schrieb Derek Atkins: > : > _______________________________________________ > gnucash-devel mailing list > gnucash-devel@gnucash.org > https://lists.gnucash.org/mailman/listinfo/gnucash-devel > _______________________________________________ gnucash-devel mailing list gnucash-devel@gnucash.org https://lists.gnucash.org/mailman/listinfo/gnucash-devel
