
Re: Friday Facts #287 - Just bugs again

Posted: Sat Mar 23, 2019 4:24 am
by Rebmes
Thanks for all that you do!! <3

Re: Friday Facts #287 - Just bugs again

Posted: Sat Mar 23, 2019 4:39 am
by Nova
What I would like to know: Did you / will you implement a test to make sure the bug with invalid usernames can't happen again? You once said that you implement a test for every bug fixed, so I'm curious if that's the case for this.

Re: Friday Facts #287 - Just bugs again

Posted: Sat Mar 23, 2019 6:37 am
by psa
If you're doing email addresses, note that they're just as difficult to get right (if you're trying to sanitize them). RFC 5322 tells most of the story (there are long regexes for this), but you'll also need to be compliant with RFC 6532 (internationalization).

"Here be dragons" is an understatement. There is a reasonable argument for just checking ".+@.+" (while banned for new TLDs, there are grandfathered TLDs which have had MX records, so don't assume a ".") and then sending a verification email.

Why do I care? Well I've personally screwed this code up before and I often use plussing, which is frequently broken by improper implementations.
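The check psa describes, set beside the kind of over-strict pattern that breaks plussing, as an added example that is not part of the post. The strict pattern, the sample addresses, the length cap and the control-character rejection are constructed assumptions; the post itself only proposes ".+@.+" followed by a verification email.

```python
import re

# The permissive check from the post: something, an "@", something.
PERMISSIVE = re.compile(r".+@.+")

# Constructed example of an over-strict pattern: ASCII-only local part
# without "+", and a domain that must contain a dot.
OVER_STRICT = re.compile(r"[A-Za-z0-9._-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

MAX_LEN = 254  # assumption: practical upper bound for an address


def plausible_email(addr: str) -> bool:
    """Accept anything shaped like x@y; real validation is the verification mail."""
    if not addr or len(addr) > MAX_LEN:
        return False
    # Assumption beyond the post: refuse control characters (CR/LF included)
    # so the value cannot break a header when the verification mail is built.
    if any(ord(ch) < 32 or ord(ch) == 127 for ch in addr):
        return False
    return PERMISSIVE.fullmatch(addr) is not None


def over_strict_email(addr: str) -> bool:
    return OVER_STRICT.fullmatch(addr) is not None


# Constructed sample addresses.
SAMPLES = [
    "user@example.com",           # ordinary address
    "user+factorio@example.com",  # plussing
    "admin@tld",                  # domain without a "."
    "用户@例子.example",            # internationalized (RFC 6532 style)
    "no-at-sign",
    "@example.com",
    "a@b\r\nBcc: x@example.org",  # embedded line break
]


def compare(samples=SAMPLES):
    """Map each address to (permissive verdict, over-strict verdict)."""
    return {a: (plausible_email(a), over_strict_email(a)) for a in samples}


if __name__ == "__main__":
    for addr, verdicts in compare().items():
        print(repr(addr), verdicts)
```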

Re: Friday Facts #287 - Just bugs again

Posted: Sat Mar 23, 2019 8:48 pm
by TheRaph
Sanqui wrote:
Fri Mar 22, 2019 4:48 pm
ledow wrote:
Fri Mar 22, 2019 4:24 pm
Would have been simpler, and a better idea, to just let the ban commands have proper quoting applied, so you can ban "awkward user name".
There's some quite good reasons to disallow spaces in usernames on principle. The question is if we should have usernames at all. In my opinion the best setup is permanent id + email (for login) + display name, where the display name can be anything. But that is quite difficult to change at this point, even though it's on my roadmap.
As far as I see, most of the problems written on the site you linked are not "your" problems, because Factorio can handle whitespace properly - except for that ban issue. So if you fix that point, I don't see technical problems with using whitespace.
If someone is worried about identity theft, he may find nice suggestions on that linked site.
For example: no leading / trailing whitespace, no double whitespace and so on.

Using an email address as the user name is a bad idea - just for ban reasons.
Because setting up a rule "a chosen user name may NEVER be changed" is easy. You may ban someone and you are done.

Setting up a rule to never change an email address is a very bad idea, because sometimes providers change.
Having a changeable mail address is also a bad idea for banning reasons.
Because if I want to damage something on someone's server and he bans me, I just have to change my mail address and take some heavy revenge on his server. He will ban me again and I will change my mail address again ... the winner is the person with the longer breath.

Re: Friday Facts #287 - Just bugs again

Posted: Sat Mar 23, 2019 9:42 pm
by Jap2.0
TheRaph wrote:
Sat Mar 23, 2019 8:48 pm
Sanqui wrote:
Fri Mar 22, 2019 4:48 pm
ledow wrote:
Fri Mar 22, 2019 4:24 pm
Would have been simpler, and a better idea, to just let the ban commands have proper quoting applied, so you can ban "awkward user name".
There's some quite good reasons to disallow spaces in usernames on principle. The question is if we should have usernames at all. In my opinion the best setup is permanent id + email (for login) + display name, where the display name can be anything. But that is quite difficult to change at this point, even though it's on my roadmap.
As far as I see, most of the problems written on the site you linked are not "your" problems, because Factorio can handle whitespace properly - except for that ban issue. So if you fix that point, I don't see technical problems with using whitespace.
If someone is worried about identity theft, he may find nice suggestions on that linked site.
For example: no leading / trailing whitespace, no double whitespace and so on.

Using an email address as the user name is a bad idea - just for ban reasons.
Because setting up a rule "a chosen user name may NEVER be changed" is easy. You may ban someone and you are done.

Setting up a rule to never change an email address is a very bad idea, because sometimes providers change.
Having a changeable mail address is also a bad idea for banning reasons.
Because if I want to damage something on someone's server and he bans me, I just have to change my mail address and take some heavy revenge on his server. He will ban me again and I will change my mail address again ... the winner is the person with the longer breath.
Presumably the ban would be applied to the permanent id.
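The design discussed in this exchange (permanent id + email for login + free-form display name, bans keyed to the permanent id, and a ban command that accepts a quoted name), sketched as an added example that is not part of any post and is not Factorio's code. All class, method and command names are hypothetical.

```python
import itertools
import shlex
from dataclasses import dataclass


@dataclass
class Account:
    account_id: int    # permanent, never changes
    email: str         # login identifier, may change
    display_name: str  # free-form, may contain spaces


class Registry:
    def __init__(self):
        self._ids = itertools.count(1)
        self.by_id = {}
        self.banned_ids = set()

    def register(self, email, display_name):
        acct = Account(next(self._ids), email, display_name)
        self.by_id[acct.account_id] = acct
        return acct

    def change_email(self, account_id, new_email):
        self.by_id[account_id].email = new_email

    def ban_command(self, line):
        """Parse '/ban <name>' with shell-style quoting; ban the permanent id."""
        parts = shlex.split(line)
        if len(parts) != 2 or parts[0] != "/ban":
            raise ValueError("usage: /ban <name> (quote names containing spaces)")
        matches = [a for a in self.by_id.values() if a.display_name == parts[1]]
        if len(matches) != 1:
            raise ValueError(f"{len(matches)} accounts match {parts[1]!r}")
        self.banned_ids.add(matches[0].account_id)
        return matches[0].account_id

    def may_login(self, email):
        acct = next((a for a in self.by_id.values() if a.email == email), None)
        return acct is not None and acct.account_id not in self.banned_ids


def demo():
    """Ban by quoted display name, then change the email: the ban still holds."""
    reg = Registry()
    acct = reg.register("old@example.com", "awkward user name")
    banned_id = reg.ban_command('/ban "awkward user name"')
    reg.change_email(acct.account_id, "new@example.org")
    return banned_id == acct.account_id, reg.may_login("new@example.org")
```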

Re: Friday Facts #287 - Just bugs again

Posted: Sat Mar 23, 2019 10:21 pm
by H8UL
I am with the devs on username restrictions.

In general terms, whenever I have to enter some command or markup with spaces, I always wonder if I am supposed to escape or quote somehow.

Such uncertainty is common. Stack Overflow handles spaces in @usernames in a rather powerful way, but there are many users who have asked how it works, and no doubt many more who have searched for answers to the same. E.g. https://meta.stackoverflow.com/question ... their-name

If usernames don't ever have spaces and punctuation, then that's one less thing to wonder about. Multiplayer game admins deserve quality of life, too, and simple usernames are beneficial to their quality of life if they enter use rna mes in to comm and script /s

Re: Friday Facts #287 - Just bugs again

Posted: Sun Mar 24, 2019 1:13 am
by WarpZone
I think the username ' or 1=1; -- is little Johnny Tables's account.