[TYPO3-dev] removing data-privacy from fe_login?
bernd wilke
xoonsji02 at sneakemail.com
Sat May 16 01:41:33 CEST 2009
I just read in typo3.german that there is planned a change of behavior in
fe_login with the request of forgotten passwords in 4.3:
instead of sending a mail to unknown emailaddresses with an errormessage
about unregistered emailaddress there should be an errormessage on the
screen.
if this is the new behaviour, everyone can spy on registered
emailadresses:
just enter an emailaddress.
- If you get the message of unknown emailaddress you know nothing.
- But if you get the message about a send email (with password or link to
reset password) you know that the owner of this emailaddress is
registered on this site and that this emailaddress is valid and probably
in use.
depending on the subject of the site this could be a sever loss of data-
privacy for the email-owner.
can anyone give me some more information?
will it be configurable or hard-coded?
bernd
--
http://www.pi-phi.de/t3v4/cheatsheet.html
More information about the TYPO3-dev
mailing list