Hacker News new | past | comments | ask | show | jobs | submit login

"An application should respond with a generic error message regardless of whether the user ID or password was incorrect. It should also give no indication to the status of an existing account."

If so.. then how to respond on user registration page when someone tries to open a new account with username / email address of an existing account?

    cat registrationError.php

    <?php echo "we don't want your kind here. go away." ?>

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact