Groups can be given same name as existing username


(Tobias Eigen) #1

I just came across this on my site - it is indeed possible to create a group with the same name as an existing username. Chaos ensues.

(Actually, not sure about the chaos - we had this situation for months before I noticed it today)


(Sam Saffron) #2

I think the reverse is also true, @tgxworld can you add this to your list, we definitely want to sort it out so usernames and groups can never share the same name.


(Alan Tan) #10

I’ve added the missing server side validations for now in

@sam I’m unsure about how we should proceed here with regards to the database constraints though, do you think it is worth extracting User#username and Group#name into a separate table? Those two columns are used frequently so having to join on another table might be expensive. Instead of splitting into another table, I was thinking of treating Group#name as having a lower priority than User#username. We’ll just run a periodic job that ensures that no group names would clash with a user. If someone manages to sneak a group named
test past our server side validations when a user test already exists, the job would just rename the group to test1.


(Sam Saffron) #11

3 posts were split to a new topic: Add support for Groups and Usernames that completely overlap


(Sam Saffron) #12

I am assuming this is now sorted, so I am closing it.


(Sam Saffron) #13