
TOPIC:

Do not show pop-up with users on the login screen 1 month 3 days ago #93987

  • tm123
  • Topic Author
  • New Member
  • Posts: 4
  • Thank you received: 0
When logging in, there is this functionality that shows member names after typing the first 4 characters: "Enter your E-mail, Name, or Username, then select your Name or Username from the pop-up list that displays."
I don't think it's a good idea - it's leaking the names of all the members, even if they choose not to make their name public.
I didn't find anything in the settings to disable this behaviour.
I would suggest to remove it completely.


Do not show pop-up with users on the login screen 1 month 3 days ago #93992

  • NotLiable
  • FreeToastHost Ambassador
  • Posts: 233
  • Thank you received: 37
The pop-up list that displays is an auto-complete feature in the underlying code.  While yes, it does show names of members who have chosen not to make their profile public (which only shows name and member/officer status as a minimum), I don't see where this is terribly problematic.  Are those members, for whatever reason, totally reluctant to even admit that they are club members?
Yes, you are correct, that there is presently no disable setting, but again, I fail to see how this make-it-faster-and-easier-for-me-to-log-in feature is so troubling.
 
Club #9376 www.WeTheSpeakers.org
Club #3474192 IPT.ToastmastersClubs.org


Do not show pop-up with users on the login screen 1 month 2 days ago #93996

  • tm123
  • Topic Author
  • New Member
  • Posts: 4
  • Thank you received: 0
To make it simple - it is not about user's preference - it is a security risk. It allows a potential attacker to gather valid user names and then use another attack (i.e. password stuffing) to break into that account.
Do not just believe me - have a look at "Account Enumeration" vulnerability, for example:
owasp.org/www-project-web-security-testi...essable_User_Account
www.virtuesecurity.com/kb/username-enumeration/

Please consider removing it from the code completely.
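
One way a site operator could detect the name harvesting described in this post, given as an added example that is not part of the original post or of FreeToastHost's code: count how many distinct four-character prefixes each client sends to the autocomplete endpoint in a short window. The endpoint path `/login/suggest`, the log layout and the thresholds are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import unquote_plus

# Assumed endpoint path and log layout; adjust both to the real server.
LINE = re.compile(r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "GET /login/suggest\?q=(?P<q>[^ "&]*)')
MIN_CHARS = 4  # the pop-up list appears after four typed characters

def parse(lines):
    """Yield (ip, time, 4-char prefix) for each autocomplete request."""
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        query = unquote_plus(m["q"]).lower()
        if len(query) >= MIN_CHARS:
            yield m["ip"], datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S"), query[:MIN_CHARS]

def flag_enumeration(lines, max_prefixes=3, window=timedelta(minutes=5)):
    """Return IPs that sent more than max_prefixes distinct prefixes within window."""
    by_ip = defaultdict(list)
    for ip, ts, prefix in parse(lines):
        by_ip[ip].append((ts, prefix))
    flagged = set()
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            if len({p for _, p in events[start:end + 1]}) > max_prefixes:
                flagged.add(ip)
                break
    return sorted(flagged)

# Constructed sample log lines (documentation address ranges).
SAMPLE = [
    '198.51.100.7 [2024-05-01T10:00:01] "GET /login/suggest?q=jane HTTP/1.1" 200',
    '198.51.100.7 [2024-05-01T10:00:02] "GET /login/suggest?q=jane+a HTTP/1.1" 200',
    '203.0.113.9 [2024-05-01T10:00:01] "GET /login/suggest?q=adam HTTP/1.1" 200',
    '203.0.113.9 [2024-05-01T10:00:02] "GET /login/suggest?q=beth HTTP/1.1" 200',
    '203.0.113.9 [2024-05-01T10:00:03] "GET /login/suggest?q=carl HTTP/1.1" 200',
    '203.0.113.9 [2024-05-01T10:00:04] "GET /login/suggest?q=dana HTTP/1.1" 200',
]

if __name__ == "__main__":
    print(flag_enumeration(SAMPLE))
```

A member typing their own name keeps extending one prefix and stays under the threshold, while a client cycling through unrelated prefixes is flagged.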


Do not show pop-up with users on the login screen 1 month 2 days ago #93998

  • Brian
  • Administrator
  • Posts: 12016
  • Thank you received: 3948
Your issue has already been addressed. Those who do not want their name exposed can use the Username option.

 

Thank you,

Brian McDonald DTM, PDD D61
FTH Lead Technical Support
member Cataraqui Valley Toastmaster 9560
The following user(s) said Thank You: Jane Atkinson


Last edit: by Jane Atkinson.