This help site has been deprecated. Please send your requests to support@rubygems.org

Change Reset Password logic to display error message if email address is not known.

Keith Pitty

12 Nov, 2015 06:12 AM

This would lead to a clearer and less potentially confusing user experience.

  1. Support Staff 1 Posted by Eric Hodel on 12 Nov, 2015 08:34 AM

    For security reasons we cannot make this change.

    If we returned a different response depending on if an email existed in rubygems.org or not, an attacker could use this information to determine which email addresses were tied to accounts on rubygems.org. They could possibly leverage this to take control of an account and upload malicious gems.

  2. Eric Hodel closed this discussion on 12 Nov, 2015 08:34 AM.

  3. Keith Pitty re-opened this discussion on 12 Nov, 2015 10:10 AM

  4. 2 Posted by Keith Pitty on 12 Nov, 2015 10:10 AM

    Fair enough. In that case, perhaps the message could be changed to say something along the lines of “if we have a record of your email address you will receive an email in the next few minutes”.
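
The trade-off discussed in this thread, as an added example that is not part of the original discussion and is not rubygems.org's code: a reset handler whose response depends on whether the address is registered, beside one that returns the same response on every path. `ACCOUNTS`, `reset_leaky`, `reset_uniform`, `enqueue_reset` and the outbox queue are hypothetical names, the data is constructed, and the notice wording follows the suggestion in the last comment.

```ruby
require "securerandom"
require "digest"

# Constructed sample data; the account store and outbox are hypothetical stand-ins.
ACCOUNTS = { "known@example.com" => {} }
GENERIC_NOTICE = "If we have a record of your email address you will " \
                 "receive an email in the next few minutes."
Response = Struct.new(:status, :body)

def normalize(email)
  email.to_s.strip.downcase
end

# Leaky form: status and body differ for unknown addresses, so the endpoint
# answers "is this address registered?" for anyone who asks.
def reset_leaky(email, outbox)
  account = ACCOUNTS[normalize(email)]
  return Response.new(404, "Email address not found.") unless account
  enqueue_reset(normalize(email), account, outbox)
  Response.new(200, "Password reset email sent.")
end

# Uniform form: the same status and body on every path; only the mailbox
# owner learns whether an account exists.
def reset_uniform(email, outbox)
  address = normalize(email)
  account = ACCOUNTS[address]
  enqueue_reset(address, account, outbox) if account
  Response.new(200, GENERIC_NOTICE)
end

# Store only a digest of the token and hand delivery to a queue, so the
# request does not wait on mail delivery for known addresses.
def enqueue_reset(address, account, outbox)
  token = SecureRandom.urlsafe_base64(32)
  account[:reset_digest] = Digest::SHA256.hexdigest(token)
  outbox << { to: address, token: token }
end
```

Queuing delivery matters as much as the message text: if the request waited on mail delivery only for known addresses, response time would distinguish them even with identical bodies.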

Discussions are closed to public comments.
If you need help with RubyGems.org please start a new discussion.
