From: D B. <ba...@aw...> - 2020-03-24 16:09:06
Hi! Just found that on my Unity instance I can register as separate entities with userNames "dbaum", "DBaum", "DbAuM", etc. In itself, I find this a little confusing for the moderators/admins (remembering that DBaum and dbaum can be different people). However, my Unity clients don't all take capitalisation into account when retrieving user data (see, e.g., https://stackoverflow.com/questions/44821863/spring-boot-security-consider-case-insensitive-username-check-for-login/). I realise that this could be exploited to hijack a user's account if you know the username, by registering the same username with different capitalisation in Unity and then logging into the client.

Now, I've fixed this on the client side for my setup (where it should be fixed). But can I ask that you consider adding a feature where users are prevented from registering entities with usernames that differ from existing ones only in capitalisation?

Cheers
D
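The collision the message describes, as an added illustration that is not part of the original thread or of Unity's code: a store that only enforces exact-match uniqueness leaves a case-insensitive client with two candidate accounts, while a registry that keys uniqueness on a canonical (NFKC + casefold) form rejects the second registration. All names, records and e-mail addresses below are constructed for the example.

```python
"""Case-insensitive username collisions: ambiguous lookup vs. canonical uniqueness."""
import unicodedata


def canonical(username: str) -> str:
    """Canonical form for uniqueness checks: NFKC normalisation, then casefold().
    casefold() is stricter than lower() (e.g. 'ß' folds to 'ss'), so variants a
    client might later treat as equal are caught at registration time."""
    return unicodedata.normalize("NFKC", username).casefold()


def ambiguous_matches(records, username):
    """Mimics a client that compares usernames case-insensitively against a store
    that only enforced exact-match uniqueness. Returns every matching record;
    more than one result means the client cannot tell the accounts apart."""
    return [r for r in records if r["username"].lower() == username.lower()]


class Registry:
    """Identity store that rejects usernames differing only by case/normalisation."""

    def __init__(self):
        self._by_key = {}  # canonical form -> record

    def register(self, username, email):
        key = canonical(username)
        existing = self._by_key.get(key)
        if existing is not None:
            raise ValueError(f"{username!r} collides with existing user {existing['username']!r}")
        self._by_key[key] = {"username": username, "email": email}
        return key

    def lookup(self, username):
        # Lookup uses the same canonical form, so "DBAUM" resolves to the one "dbaum" record.
        return self._by_key.get(canonical(username))


# Constructed sample data: two accounts that differ only in capitalisation.
CASE_SENSITIVE_STORE = [
    {"username": "dbaum", "email": "first@example.invalid"},
    {"username": "DBaum", "email": "second@example.invalid"},
]


def demo():
    """Returns (number of ambiguous matches in the weak store, whether the
    canonical registry rejected the case-variant registration)."""
    clashes = len(ambiguous_matches(CASE_SENSITIVE_STORE, "dbaum"))
    reg = Registry()
    reg.register("dbaum", "first@example.invalid")
    try:
        reg.register("DbAuM", "second@example.invalid")
        rejected = False
    except ValueError:
        rejected = True
    return clashes, rejected
```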