Closed Bug 726549 Opened 12 years ago Closed 12 years ago

check usernames against blacklist

Categories

(support.mozilla.org :: Users and Groups, task, P4)

Product:
support.mozilla.org
Component:
Users and Groups
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: atopal, Unassigned)

References

Details

bug 682818 only checks for exact matches of usernames, so adding any character to the usernames circumvents the check. Please check for substrings instead, so any username that includes one of the names on the blacklist should be blocked.
This is a clbuttic[1,2] error that ends up frustrating users. Lots of words match substrings, including plenty of names. Assumption, Cockburn, Scunthorpe, Penistone (for some reason, lots and lots of place names from the UK) shitake, Libshitz, and more.

I'd strongly advise against chasing this further than the existing blacklist.

[1] http://thedailywtf.com/Articles/The-Clbuttic-Mistake-.aspx
[2] http://en.wikipedia.org/wiki/Scunthorpe_problem
This is not for long form text input, but usernames only, and was the original intention in bug 682818.
Priority: -- → P4
(In reply to Kadir Topal [:atopal] from comment #2)
> This is not for long form text input, but usernames only, and was the
> original intention in bug 682818.

I am pretty sure we didn't do this because it is not possible to do without blocking valid usernames. Malicious users will always figure out how to get around whatever rule we have.
(In reply to Kadir Topal [:atopal] from comment #2)
> This is not for long form text input, but usernames only, and was the
> original intention in bug 682818.

I understand that and still deeply recommend against doing this. It will frustrate legitimate users and do nothing to stop already angry ones. W3_C4N7_570P_3V3RY7TH1N6.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WONTFIX
Whiteboard: u=contributor c=user s=2012.4 p=
You need to log in before you can comment on or make changes to this bug.