[Zope-CMF] case sensitive usernames?

marc lindahl marc@bowery.com
Fri, 27 Jul 2001 12:38:24 -0400


> From: seb bacon <seb@jamkit.com>
> 
> Nah, that wan't sarcastic IMO.

Ok, it's me... I can accept that :)


> 
> You definitely have a point here about usability.  It would be simple
> enough to force usernames to lowercase.  In your email example,
> however, it wouldn't be a problem, since email addresses are a
> completely separate field from user names.

It is now...  but I'm talking about something like hotmail or yahoo, where
email is integrated into the system.  So when you sign up, you get no only
your home page, but an email address to go with it.  Still figuring out how
exactly this will all work, but for sure, there has to be only one username
and password, not two.



> From: Chris Withers <chrisw@nipltd.com>
> 
> That doesn't necessarily equate to usernames being caseless.

True, but for usability, you would want that (e.g. string.lower before
authenticating), since it makes the system easier to use.

I've noticed that a lot of teenagers lIkE tO tYpE lIkE tHiS - then they
forget what they did and make a new user...  so if you're creating a
many-to-one mapping for authenticating (e.g. by string.lower for excluding
'as used' new usernames, as you suggest) then the username itself should
also use the same mapping, so you get a complete coverage of input values.


So... I think that, the username could be stored with case, but the
authentication (and therefore testing new usernames for previous use) could
use string.lower.  That way, once the user logs on, they'll see their
originally-cased username - gently showing them what the mapping is (and
perhaps training them for a case-sensitive existence!) while still letting
them log in.

hmmm... not sure where to do this... BasicUserFolder.authenticate() ?