check usernames against blacklist

RESOLVED WONTFIX

Status

support.mozilla.org
Users and Groups
P4
normal
RESOLVED WONTFIX
6 years ago
5 years ago

People

(Reporter: atopal, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

6 years ago
bug 682818 only checks for exact matches of usernames, so adding any character to the usernames circumvents the check. Please check for substrings instead, so any username that includes one of the names on the blacklist should be blocked.
This is a clbuttic[1,2] error that ends up frustrating users. Lots of words match substrings, including plenty of names. Assumption, Cockburn, Scunthorpe, Penistone (for some reason, lots and lots of place names from the UK) shitake, Libshitz, and more.

I'd strongly advise against chasing this further than the existing blacklist.

[1] http://thedailywtf.com/Articles/The-Clbuttic-Mistake-.aspx
[2] http://en.wikipedia.org/wiki/Scunthorpe_problem
(Reporter)

Comment 2

6 years ago
This is not for long form text input, but usernames only, and was the original intention in bug 682818.
(Reporter)

Updated

6 years ago
Priority: -- → P4
(In reply to Kadir Topal [:atopal] from comment #2)
> This is not for long form text input, but usernames only, and was the
> original intention in bug 682818.

I am pretty sure we didn't do this because it is not possible to do without blocking valid usernames. Malicious users will always figure out how to get around whatever rule we have.
(In reply to Kadir Topal [:atopal] from comment #2)
> This is not for long form text input, but usernames only, and was the
> original intention in bug 682818.

I understand that and still deeply recommend against doing this. It will frustrate legitimate users and do nothing to stop already angry ones. W3_C4N7_570P_3V3RY7TH1N6.
(Reporter)

Updated

6 years ago
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → WONTFIX
(Reporter)

Updated

6 years ago
Whiteboard: u=contributor c=user s=2012.4 p=
Duplicate of this bug: 909659
You need to log in before you can comment on or make changes to this bug.