by krallja 4463 days ago
Don't allow users to determine whether an email address is registered in your system (even if they click "forgot password" or "send money request").

More importantly, don't ever give the user the full name of someone whose email address they pulled out of thin air!

1 comment

Seems viable, and if you had a previous "relationship"/transaction with this user you can display name etc.
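The two comments above combined into one sketch, added here as an example and not posted by either commenter: the reply is identical whether or not the address is registered, and a full name is shown only when a prior transaction exists. The function names, the in-memory `USERS`, `PRIOR_TRANSACTIONS` and `OUTBOX` stores, and all sample data are assumptions made up for illustration.

```python
# Constructed sample data; every name and address here is made up.
USERS = {
    "alice@example.com": "Alice Liddell",
    "bob@example.com": "Bob Stone",
    "carol@example.com": "Carol Reyes",
}
# Unordered pairs of accounts that have already transacted with each other.
PRIOR_TRANSACTIONS = {frozenset(("carol@example.com", "alice@example.com"))}
OUTBOX = []  # stands in for the mail / notification queue

GENERIC_RESET_REPLY = "If that address has an account, a reset link has been sent."


def normalize(email):
    return email.strip().lower()


def forgot_password(email):
    """Return the same reply whether or not the address is registered."""
    email = normalize(email)
    if email in USERS:
        # The only difference is out of band, visible to the mailbox owner.
        OUTBOX.append((email, "reset-link"))
    return GENERIC_RESET_REPLY


def send_money_request(sender, recipient_email):
    """Confirm a request without revealing registration status or a name,
    unless sender and recipient have a previous transaction."""
    sender, recipient = normalize(sender), normalize(recipient_email)
    registered = recipient in USERS
    related = registered and frozenset((sender, recipient)) in PRIOR_TRANSACTIONS
    # Registered recipients get the request; unknown addresses get an invitation.
    # The sender cannot see which of the two was queued.
    OUTBOX.append((recipient, "money-request" if registered else "invitation"))
    # Echo back only what the sender typed, unless a relationship exists.
    shown = USERS[recipient] if related else recipient
    return f"Request sent to {shown}."
```

The on-screen replies match, but response time can still differ between the two branches, so the mail work belongs on a background queue.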