I was thinking of having a third-party trusted services that compares the hash of the deployed application to the one they independently compiled themselves.
But the complexity is nontrivial and there is enough variations between the output of the same source code across different build environments that would make hashes useless.
Another possibility is having trusted compilers that would send link the source code to the build in a trusted repository.
Upon entering a valid email (whether it is already registered or not) the form will show the following notification "an email was sent to [email protected] with the sign up instructions, please follow the link in the email to continue the registration" (rewrite for more concise message)
If the user already exists the email will be a warning + a link to the password reset form
If the user does not exist, the email will be a link that confirms the ownership of the email address and the rest of the registration process.
An attacker trying to guess if an email is registered would not know, because the form does not give away that info.
It is a feature [0].
Microsoft office products allow for "macros" which are Visual Basic code embedded within a document or a worksheet that can be used by developers to add extra functionalities to their MS files (e.g. validate all data in a work sheet after a user clicks a specific button in the worksheet).
Just like any programming language, it could be used maliciously, and there is no easy way to distinguish which macro-enabled file is safe and which isn't (without going through the code yourself prior to enabling the functionality)
I hope you don't mind me asking, but I would really appreciate if you could share the curriculum you have been working on, or if you could share you experience.
I am currently trying to do the same, so I would appreciate any form of help I can get.
It worked instantly.