On 04/30/2016 11:28 AM, Alice Wonder wrote:
Is there any advice on characters to allow in usernames?
...
I don't think a whitelist alphabet is best approach because of people
with names that are not spelled with Latin characters.
Is there an existing blacklist of characters that technically legal
but are generally avoided in e-mail addresses?
The RFC uses a list of allowed characters, and so must you.
My advice is, first, don't write this yourself. There is almost
certainly a library for validating RFC-compliant usernames in whatever
programming language you use; locate one and use it.
Second, when validating user names, you must be aware of the features of
your email server. For instance, it may use the '-' character or the
'+' character as a way to allow user-local extensions. Thus
"example-foo," "example-bar," and "example" may all be the same
user/mailbox. If you are not aware of this, then a new user might be
set up as "example-bar" and one would mask the other. Either the old
user would prevent the new one from receiving any mail, or the new one
would begin intercepting some of the old user's mail. Thus, because a
character is allowed by RFC does not mean that you should allow it in
usernames.
Third, you should be aware that non-ASCII support was defined in RFC
6531, in 2012. That's very recent as RFCs go, and it is not widely
supported today. None of the mail servers shipped with CentOS 7, for
instance, include such support. Even if you build your own software
that supports the RFC, users with non-ASCII usernames will not be able
to send or receive email with remote domains that don't include such
support.
https://en.wikipedia.org/wiki/Extended_SMTP#List_of_supporting_servers_3
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
