[wp-hackers] WordPress can "leak" if a username is valid
howachen at gmail.com
Tue Feb 19 04:43:26 GMT 2008
On Tue, Feb 19, 2008 at 4:36 AM, Alex Hempton-Smith
<hempsworth at googlemail.com> wrote:
> Sorry if this has already been discussed before, but I was just looking
> through the open tickets and saw this one:
> It was suggested in one of the closed duplicate tickets that this issue be
> discussed on wp-hackers to find out the general consensus.
> I'd personally like to see this go into the core, what do you guys think?
Take a look at Yahoo email registration and see how they protect "user
name guessing" thru their AJAX API.
More information about the wp-hackers