[#28] Enable paranoid mode to prevent account enumeration attacks

malparty · Jun 23, 2021 · 441cd24 · 441cd24
1 parent afd4b1e
commit 441cd24
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
@@ -90,7 +90,7 @@
   # It will change confirmation, password recovery and other workflows
   # to behave the same regardless if the e-mail provided was right or wrong.
   # Does not affect registerable.
-  # config.paranoid = true
+  config.paranoid = true
 
   # By default Devise will store the user in session. You can skip storage for
   # particular strategies by setting this option.