aaronrenner / phx_gen_auth

An authentication system generator for Phoenix 1.5 applications.

Make user enumeration prevention clearer #116

Closed mveytsman closed 3 years ago

mveytsman commented 3 years ago

Following up from a conversation in #elixir-lang on IRC today, this PR clarifies the docs a little bit about what enumeration attacks are, and adds a bit more detail to the generated comments so that the reader knows what to google when they come across this code.

I also changed the name to "User Enumeration." In my experience I've seen this attack called "user enumeration" or "account enumeration" (e.g. see https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html for example usage). I think enumeration on its own implies something is being enumerated but it doesn't make clear what it is.

josevalim commented 3 years ago

This is fantastic! Can you please send a PR to Phoenix too? The code has already been merged, so we need to port all changes. :)

mveytsman commented 3 years ago

Oops, I just realized this is in Phoenix now.

josevalim commented 3 years ago

:green_heart: :blue_heart: :purple_heart: :yellow_heart: :heart:

mveytsman commented 3 years ago

@josevalim how are you so fast 🤯 Will add this to phoenix