Be a Supporter!

What if email's already registered?

  • 583 Views
  • 3 Replies
New Topic Respond to this Topic
tpm
tpm
  • Member since: Dec. 15, 1999
  • Offline.
Forum Stats
Member
Level 13
Blank Slate
What if email's already registered? 2006-11-06 08:41:39 Reply

I've been building a user management system, and I use the email for login, so an email should only appear once in the database. This means, that when a person tries to register with an email that already is registered, it won't let them. But I see a privacy problem here. "Anyone" can try to register with victims_email@blah.com, and find out if they are a member or not. Hmm, let's see if tfulp@fast.net is a member of fatnakedchicks.com by seeing if it lets us register or not. Get the picture?

So my question to you is, if the email is already registered, how would you handle it, without giving away the fact that the email is already registered? I'm thinking of just giving them the same "success" page as if it was a successful registration, but without actually doing anything.

Jessii
Jessii
  • Member since: Feb. 10, 2005
  • Offline.
Forum Stats
Member
Level 36
Movie Buff
Response to What if email's already registered? 2006-11-06 08:48:59 Reply

Why not just do user names rather than email addresses? User names are unique and won't cause any of the privacy issues that you want to avoid if someone was to register with that name and you can say "sorry, that name is already taken, please try another one" or something like that.

tpm
tpm
  • Member since: Dec. 15, 1999
  • Offline.
Forum Stats
Member
Level 13
Blank Slate
Response to What if email's already registered? 2006-11-06 09:05:07 Reply

Yes, but even with unique usernames, the email still has to be unique for the password reminder to work. The password reminder I see on lots of sites is an even easier way to mine data, they will tell you either "activation link sent!" or "email not found", which is too much information to be giving out to people.

Taylor
Taylor
  • Member since: Aug. 19, 2003
  • Offline.
Forum Stats
Member
Level 09
Blank Slate
Response to What if email's already registered? 2006-11-06 10:26:59 Reply

Nah, almost every membership software requires unique email.

You're fine - its not a big privacy issue.