diff options
| author | Malf Furious <m@lfurio.us> | 2019-01-12 19:10:01 -0500 |
|---|---|---|
| committer | Malf Furious <m@lfurio.us> | 2019-01-12 19:10:01 -0500 |
| commit | 2263cf0953872c09fe1a1158ebb841f74fb9e3ea (patch) | |
| tree | 2655fccd0eeff3670ac41d52abdb178dc6c8046a /app/static/js | |
| parent | 032607b6ca13b7c0a7088a6b52c5fd4492df4bde (diff) | |
| download | scrott-2263cf0953872c09fe1a1158ebb841f74fb9e3ea.tar.gz scrott-2263cf0953872c09fe1a1158ebb841f74fb9e3ea.zip | |
Define stricter username policy
Previously, you could log into an account named "MyAccount" by entering
either "myaccount" or "MYACCOUNT" (or any other case conbination). This
patch requires logins to succeed with case-sensitive usernames.
I have also decided, that I wish to disallow duplicate usernames if the
only difference between them is case. There can only be _ONE_
"myaccount" (of any case combination), even if he's known canonically as
"MyAccount". This particular functionality is not changed by this
patch. I'm just noting it as a deliberate decision not to change, by
policy.
Note that _passwords_ always have been, and still are, case-sensitive.
They are salted and hashed before they even hit the database.
Signed-off-by: Malf Furious <m@lfurio.us>
Diffstat (limited to 'app/static/js')
0 files changed, 0 insertions, 0 deletions