On 04/12/2020 14:55, Adriano dos Santos Fernandes wrote:
On 04/12/2020 11:48, Mark Rotteveel wrote:
This behaviour is a security issue, it leaks existence or
non-existence of the user.
Is it a security issue in any website that if I try to create an account
and it says the user already exist?
It is if you are not logged in already! Account creation should only be
possible for a logged in user and only if they have sufficient
privilege. Ideally, an account creation attempt should also be logged.
However, if I recall, this is an area that needs work in Firebird - see
CORE-5786.
Adriano
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
