-
secure-sw-dev-fundamentals
Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
Exactly, if you reveal that an account exists when you just type in an email address, then you have a privacy failure and probably a security failure.
For example, the OpenSSF's secure software development fundamentals course <https://openssf.org/training/courses/> in its section on minimizing feedback <https://github.com/ossf/secure-sw-dev-fundamentals/blob/main...> says:
* If a user tries to create an account using an email address, don't tell the user if an account with that email address already exists. Similarly, if a user tries to do a password reset using an email address, don't tell the user if there is no account with that email address. Providing that information would allow an attacker to determine if a specific email address is being used (or not) by some existing account.
Now for the unpopular take: not everyone lives in the US. The GDPR requires protection of personally-identifying information, and in many cases that includes email addresses that identify individuals. There are exceptions, but it's typically better to keep email addresses private unless the user specifically authorizes it.