On 05/01/2016 01:57 AM, Leon Fauster wrote:> Am 01.05.2016 um 06:43 schrieb Alice Wonder <alice at domblogger.net>: >> On 04/30/2016 08:56 PM, Gordon Messmer wrote: >>> On Sat, Apr 30, 2016 at 12:44 PM, Alice Wonder <alice at domblogger.net> wrote: >>>> >>>> For e-mail sent to people, yes. >>>> >>>> But for what usernames are allowed when creating an account, I don't see why >>>> blacklisting characters that are not allowed in a username is a standards >>>> problem. >>> >>> >>> That's not how the RFC rules are defined. But, rather than argue that >>> point at length, I'd point out that Open Group standards for usernames >>> are simple and will comply with the SMTP RFCs: >>> http://pubs.opengroup.org/onlinepubs/000095399/basedefs/xbd_chap03.html#tag_03_426 >>> >>> That is, [A-Za-z0-9._][A-Za-z0-9._-] >>> _______________________________________________ >>> CentOS mailing list >>> CentOS at centos.org >>> https://lists.centos.org/mailman/listinfo/centos >>> >> >> I think there is a mis-understanding. >> >> All I was looking for was if there was a common set of characters typically blasted from new usernames *on the domain being set up* >> >> I have no desire to refuse delivery to any valid e-mail address. >> >> For example, avoiding spaces in usernames for addresses on the system is handy because it avoids bugs where the path to the mailbox on the filesystem isn't properly quoted. >> >> So user names on the system won't be allowed to have spaces even though they are legal when within quotes or escaped. >> >> That's all I was looking for, was experience on what legal characters to avoid allowing users to have for the mailbox portion of their e-mail address, the username. >> >> Of course I have no desire to restrict who they can send to if it is a legal address. > > > blacklisting is not a good practice, use the suggested whitelist ...I think this is my autism coming in to play, I think what is very clear to me I just am not able to adequately communicate because clearly people are not even remotely grasping what I am trying to convey.
On 05/01/2016 05:10 AM, Alice Wonder wrote:> On 05/01/2016 01:57 AM, Leon Fauster wrote: >> Am 01.05.2016 um 06:43 schrieb Alice Wonder <alice at domblogger.net>: >>> On 04/30/2016 08:56 PM, Gordon Messmer wrote: >>>> On Sat, Apr 30, 2016 at 12:44 PM, Alice Wonder >>>> <alice at domblogger.net> wrote: >>>>> >>>>> For e-mail sent to people, yes. >>>>> >>>>> But for what usernames are allowed when creating an account, I >>>>> don't see why >>>>> blacklisting characters that are not allowed in a username is a >>>>> standards >>>>> problem. >>>> >>>> >>>> That's not how the RFC rules are defined. But, rather than argue that >>>> point at length, I'd point out that Open Group standards for usernames >>>> are simple and will comply with the SMTP RFCs: >>>> http://pubs.opengroup.org/onlinepubs/000095399/basedefs/xbd_chap03.html#tag_03_426 >>>> >>>> >>>> That is, [A-Za-z0-9._][A-Za-z0-9._-] >>>> _______________________________________________ >>>> CentOS mailing list >>>> CentOS at centos.org >>>> https://lists.centos.org/mailman/listinfo/centos >>>> >>> >>> I think there is a mis-understanding. >>> >>> All I was looking for was if there was a common set of characters >>> typically blasted from new usernames *on the domain being set up* >>> >>> I have no desire to refuse delivery to any valid e-mail address. >>> >>> For example, avoiding spaces in usernames for addresses on the system >>> is handy because it avoids bugs where the path to the mailbox on the >>> filesystem isn't properly quoted. >>> >>> So user names on the system won't be allowed to have spaces even >>> though they are legal when within quotes or escaped. >>> >>> That's all I was looking for, was experience on what legal characters >>> to avoid allowing users to have for the mailbox portion of their >>> e-mail address, the username. >>> >>> Of course I have no desire to restrict who they can send to if it is >>> a legal address. >> >> >> blacklisting is not a good practice, use the suggested whitelist ... > > I think this is my autism coming in to play, I think what is very clear > to me I just am not able to adequately communicate because clearly > people are not even remotely grasping what I am trying to convey. >Basically whether it is a white list or a black list doesn't matter. One is just the complement set of the other. It's the set I'm after. Or its complement. I don't care. Not whether my code should use set A or its complement.
On 01/05/16 13:23, Alice Wonder wrote:> On 05/01/2016 05:10 AM, Alice Wonder wrote: >> >> I think this is my autism coming in to play, I think what is very clear >> to me I just am not able to adequately communicate because clearly >> people are not even remotely grasping what I am trying to convey. >> > > Basically whether it is a white list or a black list doesn't matter. > > One is just the complement set of the other. > > It's the set I'm after. Or its complement. I don't care. Not whether my > code should use set A or its complement. >See Gordon's previous answer above: That is, [A-Za-z0-9._][A-Za-z0-9._-] In other words, allowable characters are A-Za-z (upper and lower case), 0-9 (numerics), . and _ (period and underscore). Hyphens are allowed, but NOT as the first character, so maybe easier to just not allow hyphens in your account usernames.
On 05/01/2016 05:23 AM, Alice Wonder wrote:> It's the set I'm after. Or its complement. I don't care. Not whether > my code should use set A or its complement.Then you're after RFC 5321 section 4.1.2 and possibly 6531 section 3.3 (but probably not for a few years yet). You should also consider shadow-utils' chkname.c, where valid local user names are restricted to "[a-z_][a-z0-9_-]*[$]" of less than USER_NAME_MAX_LENGTH characters (though not with a regex). https://tools.ietf.org/html/rfc5321 https://tools.ietf.org/html/rfc6531 http://anonscm.debian.org/cgit/pkg-shadow/shadow.git/tree/libmisc/chkname.c