We had someone register with a reserved username, getting around the restriction by the simple expedient of adding “1” to the end. I can’t tell if the system will accept a wildcard entry to prevent this, i.e., by declaring
reservedusername*
in the list. I’m a little hesitant to use the “just try it and see” method. Can anyone enlighten me?
It will, we mention it in the description below the setting
Usernames for which signup is not allowed. Wildcard symbol * can be used to match any character zero or more times.
reservedusername* should prevent reservedusername1 from being registered
–Ha! I should look more closely at what’s in front of me. Thanks!
But people will be able to register reserved_username.
Maybe it’s an idea to look at the Levenshtein distance instead of using a wildcard?
Yow, that would probably be a lot more bulletproof, but I’m not sure it’s worth that degree of effort. Out of curiosity, would you use a reg ex test of some kind? Can you do that in the Discourse admin?
This might be more effort than it’s worth… It would catch reserved_username1 but it probably wouldn’t catch official_reserved_username, right? this is the type of thing that a motivated person would always find a way around.
We have a regex setting for blocked/censored words, and that seems like a reasonable way to enhance reserved usernames (which only has the wildcard)… but does this problem come up often enough to justify prioritizing that? I don’t think it’s a complaint we’ve had often.
We only found the one instance when we searched our user names, so yeah, I don’t think it calls for anything too elaborate.
Exactly, so why support wildcards then? 
Isn’t that just reason to separately block reserved and username?
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.