Disabling auth/user-not-found functionality

I have a React application with email & password sign in method available (implemented with firebase). In the log in form, if you enter incorrect email, you will get auth/user-not-found error as expected.

What are my options to disable this kind of behaviour? To me it seems to be a security risk where malicious user could query email addresses and see if the user exists on my platform or not.

Solution

You cannot disable what firebase would respond with, but you should handle the error in your client to show a less specific response.

try {
...
} catch (err) {
  if (err.code === 'auth/user-not-found') {
     alert("Invalid email address and/or password")
  } else {
    console.log("Other error handling method")
  }
}

How to solve FirebaseError: Expected first argument to collection() to be a CollectionReference, a DocumentReference or FirebaseFirestore problem?
How to get a specific value in firebase-realtime-database in swift 4.0
Firebase maximum projects and apps
Firebase auth: Update (not signed in user) password without use 'sendPasswordResetEmail'
Delete all users from firebase auth console
Creating firebase user with authentication information from Salesforce
Is there a way to use Google Firestore client in Python like in the Pyrebase library?
Flutter FirebaseAuth authStateChanges Not Navigating in initState
Firebase User Doesn't Have Constructor?
Firebase realtime database structure in chat app
node-red Firebase send notification
android.security.KeyStoreException: Signature/MAC verification failed
iOS and FirebaseCrashlytics
Will preventing AD_ID permission to be merged affect Firebase functionality?
Is it possible to use Firebase Realtime Database to implement a distributed mutex?
How to implement role based google authentication using Firebase
Firebase JS SDK `findNearest` function for Firestore Vector search
RxJs Compose a list of Observables and then combine (Firebase)
Flutter NSException: Configuration fails. It may be caused by an invalid GOOGLE_APP_ID in GoogleService-Info.plist or set in the customized options
How to setup FastAPI comunication with firestore through Pyrebase4
Best way to store Firebase admin private key file for AWS lambda
Upgraded angular versions and now getting error: "The AppComponent component is not marked as standalone"
QUOTA_EXCEEDED : Exceeded daily quota for email sign-in in spite of using my SMTP settings
Alternate of Authentication create trigger in 2nd Gen - Cloud Functions
firestore: PERMISSION_DENIED: Missing or insufficient permissions
Conditional rendering based on authentication security question
Firebase Authentication Emulator in Flutter on Android: `Logging in as [email protected] with empty reCAPTCHA token`
FireBase notification not working on new installs
is it safe to have 'firebase-messaging-sw.js" in public url
Defining memory for single firebase functions