Thursday August 3, 2006
Login name restriction
- Posted by Rob (#1) on August 3, 2006 16:28 CEST
Up until now my site did not put any restrictions on the choice of a login name. All public references were either URL encoded or transformed to proper HTML entities, so it didn't really matter if there were any unusual characters.
However, a lot of spammers attempt to break Kiki's security by sending invalid data, aiming to abuse the registration process as a method of sending e-mail. Sorry lads, your attempts don't work and, forgive me for my arrogance, they never will. However, I do end up with annoying zombie accounts in the database due to those silly spamming attempts:
And I don't like to be annoyed. So let it be known that as of now login names are restricted to letters, numbers, periods, dashes and underscores. And I've added the "random image code" Turing-ish CAPTCHA to registration, including an update to the look and feel of it (matching colours and a new font). Look at its new-found prettiness:
- Tags: Kiki, security, user profiles, spam, SQL injection, Turing test, CAPTCHA
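The login name rule announced above (letters, numbers, periods, dashes and underscores) can be enforced with an allowlist check at registration. The following is an added example, not Kiki's own code: it assumes ASCII-only letters and digits and an illustrative length cap, and it sets the strict check beside a look-alike pattern whose `$` anchor lets a trailing newline through.

```python
import re

# Assumptions (not from the post): ASCII-only letters and digits, 32-char cap.
MAX_LEN = 32

# \A and \Z anchor to the true start and end of the string.
STRICT = re.compile(r"\A[A-Za-z0-9._-]+\Z")
# Look-alike pattern: "$" also matches just before a final newline.
LOOSE = re.compile(r"^[A-Za-z0-9._-]+$")


def _check(pattern, name):
    """Apply the length cap, then the character allowlist."""
    if not isinstance(name, str) or not 0 < len(name) <= MAX_LEN:
        return False
    return pattern.match(name) is not None


def is_valid_login(name):
    """Strict check: only the allowed characters, nothing before or after."""
    return _check(STRICT, name)


def loose_is_valid_login(name):
    """Same character class with ^...$ anchors, shown for comparison."""
    return _check(LOOSE, name)


def disagreements(samples):
    """Return names the loose pattern accepts but the strict one rejects."""
    return [s for s in samples
            if loose_is_valid_login(s) and not is_valid_login(s)]


# Constructed sample input, not taken from the site's database.
SAMPLES = [
    "rob", "rob.kaper_01", "a-b",   # conforming names
    "rob\n",                        # trailing newline
    "rob\r\nextra",                 # embedded line break
    "rob smith", "r\u00f6b", "",    # space, non-ASCII letter, empty
    "x" * (MAX_LEN + 1),            # over the length cap
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), is_valid_login(s), loose_is_valid_login(s))
```

Running the same check again before any value is placed into an outgoing message keeps stray line breaks out of that path as well.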