Is there a security reason not to reveal the existence of a user ID?
Posted
by Chris
on Stack Overflow
See other posts from Stack Overflow
or by Chris
Published on 2010-05-21T01:14:20Z
Indexed on
2010/05/21
1:20 UTC
Read the original article
Hit count: 248
I've noticed that on some sites, when you request a password reminder or sign in, they'll tell you if the user doesn't exist (I think Meetup does this). Other sites will simply say "the user/password combination is invalid" (Google, I believe, does this).
Is there a security reason for not revealing the existence of a user id?
© Stack Overflow or respective owner