On 04/12/2020 12:06, Tony Whyman wrote: > > On 04/12/2020 14:55, Adriano dos Santos Fernandes wrote: >> On 04/12/2020 11:48, Mark Rotteveel wrote: >>> >>> This behaviour is a security issue, it leaks existence or >>> non-existence of the user. >>> >> Is it a security issue in any website that if I try to create an account >> and it says the user already exist? > It is if you are not logged in already! Account creation should only > be possible for a logged in user and only if they have sufficient > privilege. Ideally, an account creation attempt should also be logged. > However, if I recall, this is an area that needs work in Firebird - > see CORE-5786.
So to create a google e-mail I need to have an e-mail? And if the e-mail already exist, it should say another error than showing that the e-mail already exists? Adriano Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
