Friday Facts #287 - Just bugs again

Regular reports on Factorio development.
Rebmes
Long Handed Inserter
Long Handed Inserter
Posts: 98
Joined: Sat Sep 15, 2018 7:51 pm
Contact:

Re: Friday Facts #287 - Just bugs again

Post by Rebmes »

Thanks for all that you do!! <3
User avatar
Nova
Filter Inserter
Filter Inserter
Posts: 959
Joined: Mon Mar 04, 2013 12:13 am
Contact:

Re: Friday Facts #287 - Just bugs again

Post by Nova »

What I would like to know: Did you / will you implement a test to make sure the bug with invalid usernames can't happen again? You once said that you implement a test for every bug fixed, so I'm curious if that's the case for this.
psa
Burner Inserter
Burner Inserter
Posts: 11
Joined: Sun Aug 05, 2018 1:15 am
Contact:

Re: Friday Facts #287 - Just bugs again

Post by psa »

If you're doing email addresses, note that they're just as difficult to get right (if you're trying to sanitize them). RFC 5322 tells most of the story (there are long regex's for this), but you'll also need to be compliant with RFC 6532 (internationalization).

"Here be dragons" is a understatement. There is a reasonable argument for just checking ".+@.+" (while banned for new TLDs, there are grandfathered TLDs which have had MX records, so don't assume a ".") and then sending a verification email.

Why do I care? Well I've personally screwed this code up before and I often use plussing, which is frequently broken by improper implementations.
TheRaph
Fast Inserter
Fast Inserter
Posts: 232
Joined: Sun Sep 24, 2017 6:31 pm
Contact:

Re: Friday Facts #287 - Just bugs again

Post by TheRaph »

Sanqui wrote: ↑Fri Mar 22, 2019 4:48 pm
ledow wrote: ↑Fri Mar 22, 2019 4:24 pm Would have been simpler, and a better idea, to just let the ban commands have proper quoting applied, so you can ban "awkward user name".
There's some quite good reasons to disallow spaces in usernames on principle. The question is if we should have usernames at all. In my opinion the best setup is permanent id + email (for login) + display name, where the display name can be anything. But that is quite difficult to change at this point, even though it's on my roadmap.
As far as I see, the most of written problems on site of your posted link are not "your" problems, because factorio can handle whitespaces properly - except that ban issue. So if you fix that point, I don't see technically problems for using whitespaces.
If someone may worry about identity stealing, so he may find nice suggestions on that linked site.
For example: no leading / trailing whitespaces, no double whitespaces an so on.

Use email-address as user name is a bad idea - just for ban-reasons.
Because to set up a rule "a chosen user name may NEVER be changed" is easy. You may ban someone and are ready.

To set up a rule to never change an email address is a very bad idea. Because sometimes provider change.
To have a changeable mail address is also a bad idea for banning reasons.
Because if I like to damage something on someones server an he will ban me, I just had to change my mail address and do some heavy revenge on his server. He will ban me again and I will change my mail address again ... the winner is that person with longer breath.
Jap2.0
Smart Inserter
Smart Inserter
Posts: 2375
Joined: Tue Jun 20, 2017 12:02 am
Contact:

Re: Friday Facts #287 - Just bugs again

Post by Jap2.0 »

TheRaph wrote: ↑Sat Mar 23, 2019 8:48 pm
Sanqui wrote: ↑Fri Mar 22, 2019 4:48 pm
ledow wrote: ↑Fri Mar 22, 2019 4:24 pm Would have been simpler, and a better idea, to just let the ban commands have proper quoting applied, so you can ban "awkward user name".
There's some quite good reasons to disallow spaces in usernames on principle. The question is if we should have usernames at all. In my opinion the best setup is permanent id + email (for login) + display name, where the display name can be anything. But that is quite difficult to change at this point, even though it's on my roadmap.
As far as I see, the most of written problems on site of your posted link are not "your" problems, because factorio can handle whitespaces properly - except that ban issue. So if you fix that point, I don't see technically problems for using whitespaces.
If someone may worry about identity stealing, so he may find nice suggestions on that linked site.
For example: no leading / trailing whitespaces, no double whitespaces an so on.

Use email-address as user name is a bad idea - just for ban-reasons.
Because to set up a rule "a chosen user name may NEVER be changed" is easy. You may ban someone and are ready.

To set up a rule to never change an email address is a very bad idea. Because sometimes provider change.
To have a changeable mail address is also a bad idea for banning reasons.
Because if I like to damage something on someones server an he will ban me, I just had to change my mail address and do some heavy revenge on his server. He will ban me again and I will change my mail address again ... the winner is that person with longer breath.
Presumably the ban would be applied to the permanent id.
There are 10 types of people: those who get this joke and those who don't.
User avatar
H8UL
Fast Inserter
Fast Inserter
Posts: 114
Joined: Mon May 15, 2017 4:02 pm
Contact:

Re: Friday Facts #287 - Just bugs again

Post by H8UL »

I am with the devs on username restrictions.

In general terms, whenever I have to enter some command or markup with spaces, I always wonder if I am supposed to escape or quote somehow.

Such uncertainty is common. Stackoverflow handles spaces in @usernames in a rather powerful way but there are many users who have asked how it works, no doubt many more who have searched for answers to the same. E.g. https://meta.stackoverflow.com/question ... their-name

If usernames don't ever have spaces and punctuation, then that's one less thing to wonder about. Multiplayer game admins deserve quality of life, too, and simple usernames is beneficial to their quality of life if they enter use rna mes in to comm and script /s
Shameless mod plugging: Ribbon Maze
WarpZone
Inserter
Inserter
Posts: 46
Joined: Mon Feb 13, 2017 9:39 pm
Contact:

Re: Friday Facts #287 - Just bugs again

Post by WarpZone »

I think the username ' or 1=1; -- is little Johnny Tables's account.
Post Reply

Return to β€œNews”