Logging in to the Dope or many other websites, I note that it doesn’t matter how I capitalize Skald the Rhymer, but it does matter on the password. It’s obvious to me why the latter is the case; it’s not clear to me why the user name does not require the same level of precision. Can anyone tell me why?
I can’t tell you for certain for any particular site because this varies with each web site. You can design it however you want.
But I think it would invite mass confusion to have one user called Skald the Rhymer and another called** Skald The Rhymer** another one called **skald the rhymer.
**Recall (or learn for the first time) that Windows line commands and pathnames are case-insensitive, but Unix/Linux (and the intimately related C programming language) is case-sensitive. So this is not just an issue that comes up on message board user names.
Oh, I understand that. I meant for log-in purposes. When I log in hereabouts or the other places I am Skald the Rhymer, the system automatically corrects the capitalization to be identical to the way it was when I typed it on adopting the name. But if my password were, oh, Rogets21st!Century, and I typed rogets21st!century, the system would call that invalid and call me a feckless wanker who will never when a Pulitzer.
I don’t understand the question. The system allows case-sensitivity on passwords to allow for more secure passwords, and obviously is not going to “correct” the password you type in, because that would make eaiser for someone to break into your account.
For the username, why wouldn’t it correct your entry to match what it should be? That’s just a user-friendly feature, since your username is not case-sensitive.
Ditto Arnold.
I guess I was thinking it would be an additional security measure, similar to the way the Dope will not tell me which I got wrong if I type either the user name or password incorrectly. But you’re probably right to see the user name case-correction as being user-friendly.
I’ve seen some boards where users’ names would show up with the capitalization they used when most recently logging in. Which I find very frustrating, since it makes it hard to tell which capitalization they prefer.
When you type your name into the name field in most cases, the software calls lower(trim(name)) to trim off any extra whitespace and convert it all to lowercase. It’s almost like an idiom. Then it uses that string to look up your password and profile. Now passwords are different, you want to preserve all the diversity that you can and, besides, no one is supposed to be looking at them anyway.
I know SQL Server, and I assume most other databases, by default use case-insensitive logic for comparisons, so that if you have a query that says SELECT * from Customers where LastName = ‘Smith’, you will by default get Smith, SMITH, sMiTh, and every other combination. You can turn this on or off for the entire database, or for selected columns in a table, such as the Login column of the Users table, but many developers don’t bother. Thus, however you type in your userid, it will match based on the settings for the database.
The password, however, uses more secure logic, and is usually encrypted from what you type for comparison with the encrypted value stored in the database. Encryption IS case-sensitive.
Oracle database searches are case SENSITIVE by default.
For usernames you’d want something more like case preservation, not case sensitivity. Case sensitivity implies that “frank” and “Frank” are different usernames. Obviously that’s an invitation to impersonation.
The simplest reason is support: you’d get more login failures, more complaints, and a less happy userbase.
The slightly longer reason is code complexity and hence security: case-insensitive usernames are easier to implement than the mix of case-sensitive and case-preservation that you’re describing, so there are fewer opportunities for coders to screw it up.
At the end of the day, it’s a design decision by the guys who wrote the website’s code. As a general rule, case insensitive usernames are the common thing. So most new websites are done that way becuase most existing websites are done that way. Becasue that’s what most users now expect and anything that increases calls to the help desk (or turns away business) is a bad thing.
There are a few sites, mostly in the finance indutry whch are bucking the trend and using case-sensitive username input. It’d be nice if they’d all include a label telling th euser that right adjacent to the input box. Some do; most don’t.
Quoth UncleRojelio:
I presume that the trim() is in there to close the “Ender Wiggins hole”, of impostors using someone’s username with spaces appended to the ends?
I am Skald the Rhymacus!
One of many reasons to join the I Hate Oracle club.
In the case of usernames, to whose advantage is it to be case-sensitive? It’s not any more secure, since somebody could just copy from the site itself. The only end result is that more users will get “invalid username / password” errors due to typos, requiring mroe frustrations. There’s no real upside.
In the case of passwords, there’s a definite advantage to case-sensitivity – it’s massively, massively more secure.
There’s more to it than that, because you have to prevent “Ender space space Wiggins”, “Ender tab Wiggins” and so on.
The simple way to avoid most such problems is to restrict usernames to lowercase alphanumerics, plus perhaps a limited set of punctuation characters.
Note that way back in the dawn of Arpanet, there were still caps-only terminals in use, so the original specs for email names and such set up things to be case insensitive. This carried over to a lot of other things over the years. (Although it’s not always true, e.g., user names on Unix systems.)
And once something like that starts, it just tends to perpetuate itself.
(And yet I forget to see if the board would take “FtG” as my username when I registered here and I’ve been stuck with “ftg” ever since. Oh well.)
For a suitable pile of Jacksons or maybe just a promise of chocolate, TubaDiva can probably fix that for you.