[UFO Chicago] Apache case-insensitive username matching with .htaccess directives?
Brian Sobolak
brian at planetshwoop.com
Tue Apr 14 17:05:26 PDT 2009
On Tue, April 14, 2009 2:13 pm, Jay F Shachter wrote:
> Centuries ago, Nostradamus predicted that Jesse Becker would write on Tue
> Apr 14 13:00:13 2009:
>
>>
>> While I completely agree that all permutations of upper and
>> lowercase is impractical, there is a middle ground.
>>
>> I'm willing to bet that over 99% of the attempted usernames will fit
>> one of these three forms:
>> username
>> Username
>> USERNAME
>>
>> This changes the length from 2^N to 3N--a pretty substantial
>> improvement, even if still not ideal.
>>
>
> Alas, the usernames are originally (they can change) the user's
> electronic addresses. Think in terms of "first.last at example.com".
> There are a lot more than 3 likely possibilities:
>
> first.last at example.com
> First.Last at example.com
> first.last at Example.com
> first.last at Example.Com
> first.last at Example.COM
> First.Last at Example.COM
> first.last at EXAMPLE.COM
>
> ... you get the idea. It really isn't practical. Now, .htaccess
> files that request case-insensitive usernames -- that would be
> practical.
Is using an email address a requirement? Why not simply use an easy to
remember number that one could associate with a password:
- the last 4 digits of your primary phone number
- the numbers in your house address
- the month and year you were born
etc etc
I'm not especially sure why you are so concerned about case sensitivity.
I don't think it's out of the question for people to use all lower case
when configuring logins, and a helpful directive from you could encourage
the user that way.
> Surely someone else has wanted this too; I can't possibly
> be breaking new ground here.
Oh Jay! Windows has had this "feature" for YEARS!
brian
--
More information about the ufo
mailing list