On Sun, 31 Oct 1999, Chris M wrote:
> >Remember that Regex matching in general (and RewriteUsername in specific)
> >is slooowwwwww.
>
> That depends on the machine that they are running on :)
Well, slow is indeed a relative term. (:
> It definitely happens, lowers our tech support calls by about 1-2% we
> think in looking at the logs, especially on new users. Why burden
> them with all this computer esoterica.
Boils down to a philosophical discussion. I argue that knowing that "xyz"
is different than "xyz " and what the words "case specific" means is an
important basic knowlege in the internet-world rather than some obscure
esoterica they need not be bothered with. Better to get such things
straight at the beginning, probably with the result of fewer future tech
support calls and customer frustration because of this same type of thing.
> > # promote user lameness and increase security risks
> > RewriteUsername tr/[A-Z]/a-z/
>
> I fail to see how this increases security risks, if they don't'
> have a password they aren't going anywhere. Enlighten me oh regexman!
Granted it's a stretch, but that does mathmatically increase the pool
of valid username/password pairs, by creating a huge number of "valid"
usernames for each given password. Not quite as bad as lowercasing all
inbound passwords (which creates multiple "valid" passwords for each
username), but the same type of thing. Maybe not a significant increase
of risk (i admitted it to be a strech :) but there anyway.
The real argument was more the encouragement of user lameness. The
faster they learn basics, the less they're calling support for stupid
issues. IMO,YMMV
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
