username allowable characters

2003-02-27
2003-03-03
  • Jonathan Ellis
    2003-02-27

    validateUserId restricts usernames to alphanumeric chars.  Is there any reason not to extend this to, say, the characters IRC allows?  [alphanumeric + {'\', '^', '`', '|', '[', ']', '{', '}', '_', '-'}]  How about additionally parentheses and apostrophes?

     
    • Actually the underscore and hyphen are allowed. As for the others, I do not see any reason why they shouldn't be allowed.

       

    • Anonymous
      2003-03-02

      I see a reason: from the security point of view, I think it's not advisable to allow any characters that are used by an operating system for special cases (e.g. '`' and '\').

       
    • Jonathan Ellis
      2003-03-03

      Since neither client nor server passes strings out to the OS, and there are techniques to un-taint such strings if some (client) developer ever wants to, I don't see this as a very compelling reason.
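
The trade-off discussed in this thread, as an added example that is not code from the project or from any poster: an allowlist that admits the IRC characters listed in the first post, plus quoting for the case where a name must later appear in a shell command line. The function names, the 32-character limit and the sample names are assumptions made for illustration.

```python
import re
import shlex

# Assumed allowlist: ASCII alphanumerics plus the IRC characters from the thread.
IRC_SPECIALS = "\\^`|[]{}_-"
# Assumed length bound of 1..32; the thread does not state one.
USER_ID_RE = re.compile(r"[A-Za-z0-9" + re.escape(IRC_SPECIALS) + r"]{1,32}")


def validate_user_id(user_id: str) -> bool:
    """Return True only if every character is on the allowlist.

    fullmatch() is used instead of match() with '$', because '$' would
    also accept a name followed by a trailing newline.
    """
    return USER_ID_RE.fullmatch(user_id) is not None


def shell_word(user_id: str) -> str:
    """Return the name as a single, inert POSIX shell word.

    Validation decides what a name may contain; quoting is a separate
    step applied at the point where the string leaves the program.
    """
    if not validate_user_id(user_id):
        raise ValueError("user id contains characters outside the allowlist")
    return shlex.quote(user_id)


def survives_shell_parsing(user_id: str) -> bool:
    """Check that POSIX word splitting yields the original name as one token."""
    return shlex.split("echo " + shell_word(user_id)) == ["echo", user_id]


if __name__ == "__main__":
    # Constructed sample names, not taken from the thread.
    for name in ["jellis_42", "a`id`\\b", "[x]{y}|^-", "bob;rm", "bob\n"]:
        ok = validate_user_id(name)
        print(repr(name), ok, shell_word(name) if ok else "-")
```
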