Why are usernames so restrictive?

(Erik Heemskerk) #10

An afternoon is 4 hours. Imagine how many other issues can be solved in an afternoon? Also, I think you’re grossly underestimating how many testing is required to properly implement it.

Perhaps, but from a software engineering standpoint it’s better to whitelist than to blacklist. In other words, it’s better to define what characters are allowed than what characters are not allowed.

Consequentially, the developers would have to manually add every non-alphanumeric character that users would desire in their user name. For every character, one or more tests would have to be written to ensure nothing is broken by supporting that character. Then some user starts complaining why it’s possible to use a apostrophe, but not a backtick (`). Wouldn’t be fair if it weren’t included, would it? Cue additional development and testing hours.

I wouldn’t be surprised if a lot of users in the target audience (which is, I guess, regular consumers), don’t look at their screens when they type, so they wouldn’t notice. Also, most users type a few characters to narrow down the list. If a user has a non-alphanumeric character in the first few characters of his, that would make it difficult.


(Doug Moore) #11

The problem with “slugging” solutions is that they may cause collisions between usernames. Generally slugging involves removing characters that are… less important. So “vilx-” and “vilx’” become the same URL. As for using ID’s, if you want to discuss outdated techniques some more…

1 Like

(Valts) #12

Aren’t you overengineering this a little bit? There is such a thing as too much Process.

And I do believe that this is a case for blacklisting rather than whitelisting. There aren’t that many Unicode character classes that an exhaustive blacklist of them would be enormous. Then again, whitelisting could work too, for the same reason.

Anyways, you only really need to forbid unprintable/unallocated/control characters as well as badly formed Unicode strings. Those can really mess up the page. Everything else will just be printed as a character. It might show up as something untypeable or just a little square, but it will show up, and it will be possible to copy-paste it at the least.

Not to mention that the popup shows by default the people in the current conversation, and the more recent ones (the ones you are most likely to mention) are closer.

Btw - that brings up another thought - what about Chinese/Japanese/Korean/Russian people? Do you mean to say that they won’t be able to make usernames in their native language?

Of course, this is open-source software and all that, but that’s an argument to stop any feature request.


(Valts) #13

There are plenty of URLs on this site that use IDs. Like topic and post IDs. Why should usernames be special? And - I don’t consider it outdated.


(Gweebz) #14

I agree, IDs in URL doesn’t seem like an outdated strategy… especially considering users are allowed to change their usernames. Using IDs seems like the only way to make a permanent link to a user’s profile.

1 Like

(Erik Heemskerk) #15

Now that would be a simple case to fix: simply use a Unicode character class.

In terms of over-engineering; you have recognized that allowing non-alphanumeric characters would require a user to be able to flag another user’s user name. Now that would require a substantial amount of work. Not only in development, but also in discussion, considering how complicated the flagging process is.


(Erik Heemskerk) #16

It seems easier to simply notify the user that permalinks to his or her profile will stop working when the user changes his or her user name.


(Gweebz) #17

I would argue that those would not be considered permalinks and not supporting permalinks would be a real travesty. I like to link to my online profiles often.


(Erik Heemskerk) #18

Then don’t change your user name. This might seem a Jobsian reaction, but it sounds to me as the same kind of requirement as ‘When I change the name of a file on my computer, a path that previously worked no longer does’. Should we be using B-tree node references instead of paths?


(Mike Weller) #19

What about installations of discourse aimed at asian audiences? Will they also be restricted to the roman alphabet?

Count this as a vote for blacklisting instead of whitelisting.


(Valts) #20

[quote=“korben, post:15, topic:1315”]In terms of over-engineering; you have recognized that allowing non-alphanumeric characters would require a user to be able to flag another user’s user name. Now that would require a substantial amount of work.[/quote]It will be needed anyway. Even with just alphanumerics you can make infinite varieties of offensive usernames. Non-alphanumerics hardly make it any worse. In fact, trolls who want offensive usernames probably won’t bother with non-alphanumerics, because they want readable usernames.


(Erik Heemskerk) #21

No, because you could simply whitelist all ‘letter’ characters, regardless of which script (Roman, Chinese, etc.) they are from.


(Valts) #22

Then I would like to request that all the printable symbol characters are also whitelisted. :smile:


(Dave H) #23

Also, please consider stripping whitespace from the end of the username at login, which is often added as a result of “smart” auto complete on mobile devices.


(Valts) #24

I second that. Usernames should definitely be trimmed. Aren’t they already?


(Erik Heemskerk) #25

All printable whitespace characters… Do you know how many variations of the simple ‘dash’ there are? Some of them aren’t even visibly discernable in some fonts. Hell, some fonts don’t even have these symbols. Good look searching for ‘V-i‒l–x—’. No cheating, copying and pasting isn’t allowed.


(Dave H) #26

Not for me, right now. Android Jelly Bean with stock browser and chrome, if that matters. I’m not in a position to look at the code at the moment.


(Valts) #27

[quote=“korben, post:25, topic:1315”]No cheating, copying and pasting isn’t allowed.[/quote]I fail to see the scenario where you cannot use the @ popup list or copy-paste. And even if there is one, the username “Peroketovolodzempompentelkovsky” would present just as many problems. as “V-i‒l–x—”. Fix that, and both cases work.


(Erik Heemskerk) #28

Wrong. Searching for Peroketovolodzempompentelkovsky, you could just search for ‘Peroketo’, and the search would probably find the right user. Just humor me, try searching (in your browser) for ‘V-i‒’, without using copy and paste. The user name is impossible to enter without using copy-and-paste or knowing exactly which obscure Unicode characters are used. A common user cannot be expected to be able to use the last option.


(Ilya S. Ivanov) #29

Very strange… I feel completely the opposite. And more to that, it annoys me to talk to nicknames.