[UFO Chicago] Apache case-insensitive username matching with .htaccess directives?

Brian Sobolak brian at planetshwoop.com
Tue Apr 14 17:05:26 PDT 2009

On Tue, April 14, 2009 2:13 pm, Jay F Shachter wrote:
> Centuries ago, Nostradamus predicted that Jesse Becker would write on Tue
> Apr 14 13:00:13 2009:
>> While I completely agree that all permutations of upper and
>> lowercase is impractical, there is a middle ground.
>> I'm willing to bet that over 99% of the attempted usernames will fit
>> one of these three forms:
>>   username
>>   Username
>> This changes the length from 2^N to 3N--a pretty substantial
>> improvement, even if still not ideal.
> Alas, the usernames are originally (they can change) the user's
> electronic addresses.  Think in terms of "first.last at example.com".
> There are a lot more than 3 likely possibilities:
>   first.last at example.com
>   First.Last at example.com
>   first.last at Example.com
>   first.last at Example.Com
>   first.last at Example.COM
>   First.Last at Example.COM
>   first.last at EXAMPLE.COM
> ... you get the idea.  It really isn't practical.  Now, .htaccess
> files that request case-insensitive usernames -- that would be
> practical.

Is using an email address a requirement?  Why not simply use an easy to
remember number that one could associate with a password:
  - the last 4 digits of your primary phone number
  - the numbers in your house address
  - the month and year you were born

etc etc

I'm not especially sure why you are so concerned about case sensitivity. 
I don't think it's out of the question for people to use all lower case
when configuring logins, and a helpful directive from you could encourage
the user that way.

> Surely someone else has wanted this too; I can't possibly
> be breaking new ground here.

Oh Jay!  Windows has had this "feature" for YEARS!



More information about the ufo mailing list