security: User Account Naming Security #234

Open
alexskr opened this issue Feb 28, 2025 · 1 comment
alexskr commented Feb 28, 2025

This request addresses several security concerns regarding user account naming. The proposed changes aim to reduce potential vulnerabilities and ensure a consistent, secure handling of usernames across the system.

Proposed Changes:

  • Restrict usernames to alphanumeric characters plus a limited set of extra characters deemed safe:
    - Period (.)
    - Plus (+)
    - Underscore (_)
    - Dash (-)
    - At symbol (@)
    - Space ( )?
    Note: Further review may refine this list based on security best practices.

  • Case-Insensitive Uniqueness
    Usernames must be treated in a case-insensitive manner to prevent accounts such as Admin, admin and ADMIN from being considered distinct.

  • Maximum Length Restriction

  • Blacklist of Reserved or Unsafe Usernames
    Prevent the registration of usernames that are known to be sensitive or prone to abuse, such as "admin", "root", "support", etc., that cannot be registered by end users.
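The four rules above fit together in a single validation path: character allow-list, length cap, reserved-name blocklist, and a uniqueness check that compares a case-folded key rather than the raw string. The following is an added example of such a validator, not code from this project; the maximum length (64), the exclusion of the space character, and the reserved list are assumptions for illustration, since the issue leaves the length unspecified and marks space with a question mark.

```python
import re

# Assumed policy values (not fixed by the issue): length cap and reserved names.
MAX_USERNAME_LENGTH = 64
# Allow-list from the proposal: alphanumerics plus . + _ - @ (space deliberately excluded).
ALLOWED_PATTERN = re.compile(r"[A-Za-z0-9.+_@-]+")
# Blocklist examples named in the issue; compared against the normalized form.
RESERVED_USERNAMES = frozenset({"admin", "root", "support"})


def normalize_username(username):
    """Canonical key used for uniqueness: casefold so Admin/admin/ADMIN collide."""
    return username.casefold()


def validate_username(candidate, existing_keys):
    """Check a candidate against the policy.

    existing_keys: set of already-registered *normalized* usernames.
    Returns (ok, reason). Cheap structural checks run before set lookups.
    """
    if not candidate:
        return False, "empty"
    if len(candidate) > MAX_USERNAME_LENGTH:
        return False, "too long"
    # fullmatch ensures the whole string matches the allow-list, not just a prefix.
    if not ALLOWED_PATTERN.fullmatch(candidate):
        return False, "disallowed character"
    key = normalize_username(candidate)
    if key in RESERVED_USERNAMES:
        return False, "reserved"
    if key in existing_keys:
        return False, "already taken (case-insensitive)"
    return True, "ok"


class UserRegistry:
    """Minimal in-memory registry that stores only normalized keys."""

    def __init__(self):
        self._keys = set()

    def register(self, candidate):
        ok, _reason = validate_username(candidate, self._keys)
        if ok:
            self._keys.add(normalize_username(candidate))
        return ok


if __name__ == "__main__":
    registry = UserRegistry()
    # Constructed sample inputs exercising each rule.
    for name in ["Alice", "ALICE", "Admin", "bob smith", "a" * 65, "j.doe+test@example.org"]:
        ok, reason = validate_username(name, registry._keys)
        print(f"{name!r:>28} -> {reason}")
        if ok:
            registry.register(name)
```

Storing the normalized key (not the display name) is what makes the uniqueness check hold under rule two; the display form can still be kept separately for presentation.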


jonquet commented Feb 28, 2025

@muhammedBkf opinion?
(Mohamed is working in the security area)
