Integration
This is an IBM Automation portal for Integration products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).
Shape the future of IBM!
We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:
Search existing ideas
Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,
Post your ideas
Post an idea.
Get feedback from the IBM team and other customers to refine your idea.
Follow the idea through the IBM Ideas process.
Specific links you will want to bookmark for future use
Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.
IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.
ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.
I understand the motivation for the current functionality. It would be nice if we had other options, perhaps sending an email to that account or adding configuration to allow the portal to display better error messaging. Really, anything other than the current functionality. Making it configurable would allow clients to enable the functionality that they need and assume the risks.
Hi Dan, I acknowledge the security concern. It is my understanding the system today displays a message indicating the registration was successful and an e-mail will be sent. However, the system never sends an e-mail. Would it be possible to change the behaviour so the success message remains but in addition an e-mail is sent to notify the owner of the e-mail address that someone attempted to signup with their e-mail address. Alternatively, that a generic unsuccessful message is displayed so the applicant knows something is wrong but not what is wrong.
This behavior is by design to not leak details of existing accounts already created in the system. By providing any other response message we would be confirming that the account typed in is a valid account in the system which sharing that information is a security risk.
For example: Gaining the understanding of existing accounts is the first step in most social engineering based security threats.
If you would like to provide additional details or suggestions that would not impact security please provide them here as comments. Otherwise without further details this idea will be closed in 30 days.