Comments (5)
Just going through the issues and spotted this (sorry if I bring back up an old issue 😬 )
or tell them that this email is already taken.
IMHO to protect users from malicious people/attackers 🕵🏽 , we should never return a message like "Email already taken" since it's useful information while scraping and brute-forcing.
We could, however, add a warning after X login attempts to ask the user if he wants to reset his password; then, if the current email is taken, only its owner will know about the request, no one else, and we'll keep our users safe ✌🏽
What do you think?
from infisical.
@Grraahaam Agreed with this one.
For a security solution like Infisical, it's best that we don't leak that information and just tell them that the login was unsuccessful - leaking it confirms to bad actors that in fact such an account exists.
from infisical.
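The behaviour agreed on in the two comments above, as an added example that is not part of the thread and not Infisical's code: signup and failed login return the same response whether or not the account exists, and only the mailbox owner is told anything. The store, mail templates, `MAX_FAILS` value and the toy `verify` function are assumptions made for illustration.

```javascript
// Added example (not Infisical code). Constructed in-memory data; a real
// deployment would use its database, mailer and a slow password hash.
const users = new Map([["alice@example.com", { hash: "hash:correct horse" }]]);
const outbox = [];          // stand-in for a mail sender
const failures = new Map(); // failed logins per submitted email
const MAX_FAILS = 3;        // the thread's "X"; the value is an assumption
const DUMMY_HASH = "hash:\u0000never-matches";
// Hypothetical verifier standing in for bcrypt/argon2 verification.
const verify = (password, hash) => hash === "hash:" + password;
const norm = (email) => email.trim().toLowerCase();

const SIGNUP_REPLY = Object.freeze({
  status: 200,
  message: "Check your inbox to continue.",
});

function signup(email, password) {
  const key = norm(email);
  if (users.has(key)) {
    // Only the mailbox owner learns the address is already registered.
    outbox.push({ to: key, template: "signup-attempt-on-existing-account" });
  } else {
    users.set(key, { hash: "hash:" + password });
    outbox.push({ to: key, template: "confirm-new-account" });
  }
  return SIGNUP_REPLY; // same status and body on both paths
}

function login(email, password) {
  const key = norm(email);
  const user = users.get(key);
  // Verify against a dummy hash for unknown emails so both paths do the same work.
  const matches = verify(password, user ? user.hash : DUMMY_HASH);
  if (user && matches) {
    failures.delete(key);
    return { status: 200, message: "Logged in." };
  }
  const count = (failures.get(key) || 0) + 1;
  failures.set(key, count);
  // The reset hint depends only on the attempt count, never on account existence.
  return { status: 401, message: "Login unsuccessful.", suggestReset: count >= MAX_FAILS };
}

function requestReset(email) {
  const key = norm(email);
  if (users.has(key)) outbox.push({ to: key, template: "password-reset" });
  return { status: 200, message: "If an account exists, a reset email was sent." };
}
```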
Sounds good! Then I will close this one
from infisical.
Hello! I can help
from infisical.
Hi @sscla1! Thank you so much! That would be awesome! Would you be able to join our community Slack so that we can discuss there? Here is the link: https://join.slack.com/t/infisical-users/shared_invite/zt-1kdbk07ro-RtoyEt_9E~fyzGo_xQYP6g
from infisical.