by mootothemax
5077 days ago
So the variant of always sending an email and always accepting the registration provides the required benefit with a minor drawback. Ah OK thanks, I understand now. (have a head cold that is confusing me right now, so if in doubt, it's my fault ;) I think that the only thing we're quibbling about is what a "minor drawback" is to each one of us. For me, it's not such a minor issue, but it's been an enlightening conversation with you, so thanks :)
I agree. But that's always the case with security and I think in this case you can easily fix the drawback with clear messaging such as "This is what you entered: (replay form data). You should receive a confirmation email within (x) minutes. If you don't, make sure the email you entered is correct." You'll need that message anyways to catch those users that enter a completely false email address anyways.
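
A sketch of the flow discussed in this thread, as an added example that is not code from either commenter: every submission is accepted with the same response, and only the mailbox owner learns whether the address was already registered. The in-memory `USERS`, `PENDING` and `OUTBOX` stores, the `example.invalid` link, the notice sent to an existing owner and the 10-minute figure are all assumptions made for illustration.

```python
import secrets

# Constructed in-memory stand-ins for a user table, pending tokens and a mail queue.
USERS = {"alice@example.com"}
PENDING = {}
OUTBOX = []
WAIT_MINUTES = 10  # assumed value for the "(x)" in the message


def build_response(form):
    # Identical for every submission: replay the input and promise an email.
    # (Escape the replayed value when rendering it into HTML.)
    return {
        "status": 200,
        "message": (
            f"This is what you entered: {form['email']}. "
            f"You should receive a confirmation email within {WAIT_MINUTES} minutes. "
            "If you don't, make sure the email you entered is correct."
        ),
    }


def register(form):
    email = form["email"].strip().lower()
    if email in USERS:
        # Assumption: the existing owner gets a notice instead of a token.
        OUTBOX.append((email, "Someone tried to register with this address. "
                              "If it was you, sign in or reset your password."))
    else:
        token = secrets.token_urlsafe(32)
        PENDING[token] = email
        OUTBOX.append((email, "Confirm your registration: "
                              f"https://example.invalid/confirm?t={token}"))
    # The caller cannot tell from the response which branch ran.
    return build_response(form)


def confirm(token):
    # The account only becomes real once the mailbox owner follows the link.
    email = PENDING.pop(token, None)
    if email is None:
        return False
    USERS.add(email)
    return True
```

Queueing the mail in the background rather than sending it inside the request keeps response time from differing between the two branches.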