|
|
|
|
|
|
by Tainnor
1300 days ago
|
|
|
> but checking if the email/username already exists is a separate endpoint that the frontend hits I'm sure this happens in some cases, but it's definitely not a good practice, would hopefully get flagged by any pentesting or security audit, and also, most people use some sort of framework for auth (devise for Rails, Spring Security for JVM, or similar) - and those usually don't work in that way. |
|
|