Block user create with certain characters/strings #2309
Comments
[Triage] @shanilpa Would you investigate and report back?
Did some digging and this is what I am recommending after synthesizing from a bunch of Google searches 😅. If anyone thinks we should expand or reduce this list, feel free to leave a comment. As a non-developer I'm not sure if some characters might impact code. I've added comments; @peternied or someone else, please review and we can arrive at a finalized list and some rules.
Acceptable characters for a username can include:
Characters that might conflict with code if first but not sure:
Additional characters to support accents in names not sure if these are all ASCII?:
Rules
[Triaging] Capturing what we discussed in our triaging meeting: we need to be careful, as restricting usernames is a breaking change we'll need to navigate (what happens with users created prior to this rule that now break it?)
During the user creation flow a user can be created that has the colon character ':'; this user cannot use basic authentication to log in - a bad experience. We should safeguard the creation of users to exclude scenarios that are fundamentally invalid.

I would recommend that we try to keep this list as slim as possible to prevent customers from being unable to upgrade from a previous version to a newer version of OpenSearch.
JSON Valid Characters
As OpenSearch communicates via JSON documents, following the JSON definition seems like an easy route to follow as it has minimal restrictions in place. Here are some interesting strings that are allowed.
{"🐶🔫": "not nice, but still valid json"}
{ "*~@#$%^&*()_+=><?/": "is a valid json" }
From https://stackoverflow.com/a/8676132/533057
@shanilpa Could you look into this and provide recommendations if you'd like to see additional restrictions?
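
Why the colon is fundamentally invalid, as an added example that is not part of the original issue and is not OpenSearch code: HTTP Basic authentication (RFC 7617) sends `user-id:password` base64-encoded, and the receiver splits at the first colon. The function names are hypothetical, the check assumes the slimmest possible rule (reject only `:`), and the sample usernames are constructed, two of them taken from the JSON strings quoted above.

```python
import base64


def encode_basic(username, password):
    """Client side: build the Authorization header value (RFC 7617)."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def decode_basic(header):
    """Server side: the FIRST colon separates user-id from password."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user_pass = base64.b64decode(token, validate=True).decode("utf-8")
    username, sep, password = user_pass.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return username, password


def validate_new_username(username):
    """Hypothetical creation-time check: reject only what Basic auth cannot carry."""
    problems = []
    if ":" in username:
        problems.append("':' is the Basic auth separator")
    return problems


def audit_existing(usernames):
    """Report (without modifying) accounts created before the rule existed."""
    return [u for u in usernames if validate_new_username(u)]


# Constructed sample usernames; the emoji and symbol strings are valid JSON keys.
SAMPLE_USERS = ["alice", "alice:admin", "🐶🔫", "*~@#$%^&*()_+=><?/", "José"]

if __name__ == "__main__":
    # The user "alice:admin" is decoded as user "alice" with the wrong password.
    print(decode_basic(encode_basic("alice:admin", "s3cret")))
    # A colon inside the password is harmless because only the first one splits.
    print(decode_basic(encode_basic("alice", "pa:ss")))
    print(audit_existing(SAMPLE_USERS))
```

The audit function only reports pre-existing names that break the rule, which keeps the upgrade concern raised in triage separate from the creation-time check.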