[wp-trac] [WordPress Trac] #5472: Case insensitive usernames

WordPress Trac wp-trac at lists.automattic.com
Sat Dec 15 22:58:57 GMT 2007


#5472: Case insensitive usernames
-------------------------+--------------------------------------------------
 Reporter:  mdawaffe     |       Owner:  anonymous
     Type:  enhancement  |      Status:  new      
 Priority:  normal       |   Milestone:  2.5      
Component:  General      |     Version:           
 Severity:  normal       |    Keywords:  has-patch
-------------------------+--------------------------------------------------
 We currently store usernames case insensitively (the default collations
 for MySQL are case insensitive).

 When we check to see if a username already exists, we do so case
 insensitively (for the same reason).

 When users log in, we require them to input there username case
 '''sensitively''' (there is an artificial, case sensitive check during
 login to ensure the supplied user name is the same as the username stored
 in the DB).

 Why the inconsistency? Why not let users type in their usernames case
 insensitively?

 Pros:
  1. Frontend consistency with backend.  All aspects of username case
 (in)sensitivity would be controlled by the collation on the user_login
 column of the users table.
  2. Fewer users who forget their usernames.

 Cons:
  1. Easier for "the bad guys" to fish for usernames.  The party line seems
 to be that it's easy to do that anyway, though.

 Attached:

  1. Removes artificial, case sensitive check.

 Other Options:
  1. The other way to remove inconsistency would be to be case sensitive
 everywhere.  We could alter the user_login column to varbinary or do
 user_login SELECTs with the BINARY operator.  There may be problems with
 that idea, though, coming from differences is charsets between different
 operating systems (or even browsers?).  Especially if you move your DB
 from one host to another.
  2. Keep as is.  WP 2.3.1 incorrectly reports "incorrect password" after a
 login attempt with a incorrectly cased username.  WP trunk reports the
 correct error: "incorrect username", so at least we're now giving the user
 the correct feedback.

 Opinions?

-- 
Ticket URL: <http://trac.wordpress.org/ticket/5472>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list