This sort of approach will leak information about what usernames exist in the sy... | Hacker News

HN2new | past | comments | ask | show | jobs | submit

		camccann on Nov 14, 2009 \| parent \| context \| favorite \| on: Log in or sign up? This sort of approach will leak information about what usernames exist in the system, which has security implications. Depending on the nature of the application you may or may not need to worry about this (e.g., obviously irrelevant if the site has a user list that shows the login names).

jonknee on Nov 14, 2009 [–]

Most sign up forms give away that information anyway--try putting in a name or email that's already taken and you'll get a form validation error.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact