Is there a security reason not to reveal the existence of a user ID?

Posted by Chris on Stack Overflow See other posts from Stack Overflow or by Chris
Published on 2010-05-21T01:14:20Z Indexed on 2010/05/21 1:20 UTC
Read the original article Hit count: 243

Filed under:

security

|

General

|

login

I've noticed that on some sites, when you request a password reminder or sign in, they'll tell you if the user doesn't exist (I think Meetup does this). Other sites will simply say "the user/password combination is invalid" (Google, I believe, does this).

Is there a security reason for not revealing the existence of a user id?

© Stack Overflow or respective owner

Related posts about security

sudo apt-get update errors

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
Here is what I get on my terminal when running sudo apt-get update errors. I dont know if the issue is from my sources.list or my proxy setup(have not made any changes to proxies). Thank you for any help in advanced. Ign http://security.ubuntu.com oneiric-security Release.gpg Ign http://security… >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Devx - Search for 'Devx'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Internet.com - Search for 'Internet.com'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
StackOverFlowError while creating Mac object on AS400/Java

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello all, I am a newbie to AS400-Java programming. I am trying to create my first program to test the implementation of Message Authentication Code (MAC). I am trying to use the HMACSHA1 hash function. My (Java 1.4) program runs fine on a dev box (V5R4).But fails terribly on the QA box (V5R3). My… >>> More
Google App Engine - Spring Security Issue (java.security.AccessControlException)

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm currently getting the AccessControlException below when I deploy to app engine (I don't see it when I run in my local environment). I'm using GAE 1.3.1, Spring 3.0.1, and Spring Security 3.0.2. Any ideas how to get around this issue? It appears to be an issue with Spring Security trying to get… >>> More

Related posts about General

There is no web named - Sharepoint Event Hander

as seen on Stack Overflow - Search for 'Stack Overflow'
I activated following code with feature (web level scope). Now when i add an item to any document library it should create a folder "". No folder is created and no error is given either. can anyone see what's is going on? I got the following from the log file. I found similar code all over google… >>> More
General purpose physics engine

as seen on Stack Overflow - Search for 'Stack Overflow'
Is there any general purpose physics engine that allows huge simulations of rigid bodies? I'm using PhysX from Nvidia, but the focus of this engine is game development, soft bodies. I want to know if exists physics engine that runs on top of PS3 cell processors or CUDA cores allowing massive scientific… >>> More
General type conversion without risking Exceptions

as seen on Stack Overflow - Search for 'Stack Overflow'
I am working on a control that can take a number of different datatypes (anything that implements IComparable). I need to be able to compare these with another variable passed in. If the main datatype is a DateTime, and I am passed a String, I need to attempt to convert the String to a DateTime… >>> More
Just a general THANK YOU to EVERYONE. [closed]

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi All, I really just wanted to thank everybody that participates in the stackoverflow community. On more than one occasion, your minds have saved me from soul-eating project managers and career-ending deadlines. The commendable awareness exhibited by contributors that their answers are studied/used… >>> More
Ruby/Rails display general screen when modifications being performed on server

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a ruby on rails app running a server and sometimes it needs to be taken down for updates/etc. As of now, one way I see to have a general display screen during update periods (when the app is down) is to substitute the files within /srv/www/ directory to just have it display a general screen… >>> More