Hello,
Another security-related question/suggestion. When using the Forgot Password link in Omeka Classic, it gives you a positive response, “Please check your email for a link to reset your password”, if an account exists and a negative response, “Unable to reset password”, if the email entered does not exist, which allows discovery of valid user accounts. This could be convenient but also could be considered a security risk.
Is it possible to give a positive response by default for all password reset requests in Classic?
Has this been considered for security in Omeka S development?
Thanks,
Tom
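
The two behaviours described in the post, side by side, as an added example that is not part of the original post and is not Omeka's code. The function names, the generic message text, the in-memory user store and the mail callback are all hypothetical and constructed for illustration.

```php
<?php
// Added example: hypothetical stand-alone handlers, not Omeka code.
const GENERIC_MSG = 'If an account exists for that address, a reset link has been sent.';

// Constructed sample user store: email => user id.
$users = ['admin@example.org' => 1];

function requestResetLeaky(array $users, string $email): string
{
    // Behaviour described in the post: the response depends on whether
    // the account exists, so it confirms valid addresses.
    if (!isset($users[strtolower(trim($email))])) {
        return 'Unable to reset password';
    }
    return 'Please check your email for a link to reset your password';
}

function requestResetUniform(array $users, string $email, callable $sendMail): string
{
    $key = strtolower(trim($email));
    // Generate the token on both paths so the work done is similar.
    $token = bin2hex(random_bytes(32));
    if (isset($users[$key])) {
        // Mail the raw token to the owner; persist only its hash.
        $sendMail($key, $token, hash('sha256', $token));
    }
    // Same message whether or not the account exists.
    return GENERIC_MSG;
}

// Constructed mail sink standing in for a real mailer and token table.
$outbox = [];
$send = function (string $to, string $token, string $tokenHash) use (&$outbox): void {
    $outbox[] = ['to' => $to, 'hash' => $tokenHash];
};

foreach (['admin@example.org', 'nobody@example.org'] as $email) {
    printf("%-20s leaky:   %s\n", $email, requestResetLeaky($users, $email));
    printf("%-20s uniform: %s\n", $email, requestResetUniform($users, $email, $send));
}
printf("mails queued: %d\n", count($outbox));
```

The response text is only one signal: response time and the absence of rate limiting can still distinguish the two paths, so queueing the mail asynchronously and throttling requests per client belong with this change.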