On 04/12/2020 14:55, Adriano dos Santos Fernandes wrote:
On 04/12/2020 11:48, Mark Rotteveel wrote:

This behaviour is a security issue, it leaks existence or
non-existence of the user.

Is it a security issue in any website that if I try to create an account
and it says the user already exist?
It is if you are not logged in already! Account creation should only be possible for a logged in user and only if they have sufficient privilege. Ideally, an account creation attempt should also be logged. However, if I recall, this is an area that needs work in Firebird - see CORE-5786.


Adriano



Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel



Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel

Reply via email to