The page for this module says:

An admin checkbox option has been added to make username the same as email. Note that this presents a security problem -- which is hard to solve. Please use with caution.

I can't seem to find an explanation of what the security problem is or why it's hard to solve. Can somebody elaborate a bit, or point me to a place with more information?

Thanks!

Comments

vm’s picture

vm commented

I think the issue will be that the email addresses won't be secure and email harvesters will be able to get the email address with little effort as the email addresses will be displayed through out the site.

Eventually users of your site will start getting spam emails from those who harvested the email addresses.

scottgifford’s picture

scottgifford commented

Ah, OK, so it's more an issue of user privacy than the security of the site itself. Thanks for the explanation!

vm’s picture

vm commented

Yea that is my assumption. I'd let someone else confirm though.

scottgifford’s picture

scottgifford commented
Status: Active » Closed (fixed)

OK, thanks VeryMisunderstood, that explanation is good enough for me!