Does this library have any protection or mitigation against email address enumeration?
With PASSWORDLESS_REGISTER_NEW_USERS set to False, and emails sent synchronously, I would expect the response time to be higher for a registered vs an unregistered user. This type of attack may also be possible even if email is sent asynchronously.
If not does anyone have a clean way to mitigate email enumeration while using this library?
Does this library have any protection or mitigation against email address enumeration?
With PASSWORDLESS_REGISTER_NEW_USERS set to False, and emails sent synchronously, I would expect the response time to be higher for a registered vs an unregistered user. This type of attack may also be possible even if email is sent asynchronously.
If not does anyone have a clean way to mitigate email enumeration while using this library?