login and forgot password feedback for users valid with OWASP recommendations
mfederowicz opened this issue
Hi @KalleHallden, I know that login feedback for users was raised in that PR, but for security reasons I think it will be good to use OWASP recommendations for that kind of labels (i.e. don't inform the user that the used credentials match/don't match an existing account)
source of correct and incorrect responses
Hmm, it is not good to give users access to the system without verification of the email account. I know that the application is in an early development stage, but maybe it is a good point to think about it :)
Yeah I think this is a good thing to correct as well.
@all-contributors please add @suzanpradhan for project management and ideas & planning
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
Thank you for your contributions.
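The uniform-feedback behaviour requested in this issue, sketched as an added example that is not code from this project: the function names, the in-memory user store, the `outbox` mail queue and the message strings are all assumptions made for illustration. Unknown accounts are checked against a dummy hash so that both paths do the same hashing work.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed sample user store: email -> (salt, password hash).
_SALT = os.urandom(16)
USERS = {"alice@example.com": (_SALT, hash_password("correct horse", _SALT))}

# Dummy record so unknown accounts cost the same hashing work as known ones.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = hash_password(os.urandom(16).hex(), _DUMMY_SALT)

# Constructed generic messages: neither reveals whether the account exists.
LOGIN_FAILED = "Login failed; invalid user ID or password."
RESET_SENT = ("If that email address is in our database, "
              "we will send you an email to reset your password.")


def login(email: str, password: str) -> tuple[bool, str]:
    """Return (ok, message); the failure message never says which field was wrong."""
    key = email.strip().lower()
    salt, stored = USERS.get(key, (_DUMMY_SALT, _DUMMY_HASH))
    candidate = hash_password(password, salt)  # always hash, even for unknown users
    ok = hmac.compare_digest(candidate, stored) and key in USERS
    return (True, "Welcome back.") if ok else (False, LOGIN_FAILED)


def forgot_password(email: str, outbox: list) -> str:
    """Queue a reset mail only for known accounts, but answer identically either way."""
    key = email.strip().lower()
    if key in USERS:
        outbox.append(key)  # hypothetical mail queue standing in for a token email
    return RESET_SENT
```
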