
Topics contain old discussions (generally from more than one year ago or based on circumstances that subsequently changed) or topics resolved in other ways. Topics moved into this category are closed from further discussion.

Question SECURITY FLAW : Public profile view exposes username (login).

11 years 10 months ago #1 by Winuser
Throughout KUNENA, member names are displayed as hyperlinks back to that person's profile.

Even when the system is specifically set to display Real Names, BOTH the display name and login name are shown.

Incidentally, "real name" is lousy usage. It should be called Display Name, because the entire point of that is to protect the login name as private, secured data.

Maybe this can be addressed in the next generation of Kunena.

11 years 10 months ago #2 by Matias
Nope, it's not a security flaw. Almost every system displays the username to other users, and the way to protect the names is to have a decent password. You can see my login name without logging in at Joomla forums, Joomlacode, github, transifex (and the list goes on).

Username (or email) is used as an identifier in most software because display names aren't unique.

11 years 9 months ago #3 by 7EIRISH

Matias wrote: Nope, it's not a security flaw. Almost every system displays the username to other users, and the way to protect the names is to have a decent password. You can see my login name without logging in at Joomla forums, Joomlacode, github, transifex (and the list goes on).

Username (or email) is used as an identifier in most software because display names aren't unique.


I also would have to agree with Winuser about the username vs. the Display Name, and did bring this up to administrators at the Joomla forums and extensions site a year or more ago. Why even have the two names then? It makes no sense to have two names, and any secure site keeps the "Username" hidden from the public just like a password for that extra added protection. Giving the user name to the public removes 50% of the security of a user's credentials.

At least Joomla gives you the option to use either username or display name for public view, and I always set the display name to show, not the username.

Also, with some thought, members/users of both Joomla and your forum software would prefer to only show the "Display Name", with the rampant security breaches to the software that have always plagued the community.

Labeling the real name as the "Display Name" also tells new registering users what name will be displayed, to reduce confusion when they enter their private information vs. what is publicly displayed. I find most new users registering really don't know what the difference is. They end up entering the same name for both username and the real name, basically creating a redundant waste that adds no additional security to the user's private information/login credentials. Therefore, why have both in the first place if it's not used for extra security?

I truly never understood this blunder!

Cheers!
IRISH
