>Well, it’s easy until we start thinking about case. If you’re registered as john_doe, what happens if I register as JOHN_DOE? It’s a different username, but could I cause people to think I’m you? Could I get people to accept friend requests or share sensitive information with me because they don’t realize case matters to a computer?
Just this month we fixed this issue by using a citext column in postgres. So yes, it is easy. Maybe I'm missing an edge case here?
I assume that's not a standard datatype in all RDBMSs, and the article seems to focus on Django, so I think the author is speaking about ORMs (of course, you generally can also define custom validations in most ORMs, so even a lower() check would help in many cases).
The problem is not hard to fix from a technical standpoint, but from a practical standpoint it is impossible to fix due to breaking too many sites that were created without case insensitivity and that likely contain conflicts.
Yeah. We switched to CITEXT for email addresses after 10k users, and had to go through quite a complex process to merge about 30 user accounts that had signed up duplicate accounts with email addresses varying only in case. It was a major PITA.
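An added example (not code from any commenter in this thread): the audit that the merge described above implies, finding accounts whose emails differ only in case before a case-insensitive unique constraint can be applied. SQLite's unique index on `lower(email)` stands in for a Postgres `citext` column so the block runs offline; the table, column names, helper functions and sample rows are constructed assumptions.

```python
import sqlite3

# Constructed sample accounts (id, email); not data from the thread.
SAMPLE_USERS = [
    (1, "john_doe@example.com"),
    (2, "JOHN_DOE@example.com"),
    (3, "alice@example.com"),
    (4, "John_Doe@Example.com"),
    (5, "bob@example.com"),
]

# Stand-in for switching the column to citext with a unique constraint.
INDEX_SQL = "CREATE UNIQUE INDEX users_email_ci ON users (lower(email))"


def make_db(rows):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL)")
    db.executemany("INSERT INTO users VALUES (?, ?)", rows)
    return db


def case_collisions(db):
    """Return {folded_email: [ids]} for addresses that differ only in case."""
    groups = {}
    for uid, email in db.execute("SELECT id, email FROM users ORDER BY id"):
        groups.setdefault(email.lower(), []).append(uid)
    return {k: v for k, v in groups.items() if len(v) > 1}


def try_enforce(db):
    """Try to add the case-insensitive unique index; False if duplicates block it."""
    try:
        db.execute(INDEX_SQL)
        return True
    except sqlite3.IntegrityError:
        return False


def merge_keep_oldest(db):
    """Keep the lowest id in each colliding group, delete the rest, return removed ids.
    Assumption: a real merge first repoints rows that reference the removed accounts."""
    removed = [uid for ids in case_collisions(db).values() for uid in ids[1:]]
    db.executemany("DELETE FROM users WHERE id = ?", [(u,) for u in removed])
    return removed
```

The constraint cannot be created while colliding rows exist, which is why the audit and merge have to come before the schema change.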
https://www.postgresql.org/docs/9.1/static/citext.html