Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Unicode in usernames (and passwords)? [closed]

Tags:

security

php

mysql

unicode

After reviewing this I realised I still have a few questions left regarding the topic.

Are there any characters that should be 'left out' for legitimate security purposes? This includes all characters, such as brackets, commas, apostrophes, and parentheses.

While on this subject, I admittedly don't understand why admins seem to enjoy enforcing the "you can only use the alphabet, numbers, and spaces" rule. Does anything else have the potential to be a security flaw or break something I'm not aware of (even in ASCII)? As far as I've seen during my coding days there is absolutely no reason that any character should be barred from being in a username.

like image 570
Zydeco Avatar asked Jan 20 '11 03:01

Zydeco

People also ask

What is Unicode in a password?

Unicode is the magic system used so all the different letters and symbols from languages around the world can be used on a computer. Seriously, its nothing short of amazing (representing over 110 thousand characters)! And they make for the ultimate geek password!

Can you use Unicode in passwords?

It is 2018 and Google's Authentication API now supports unicode passwords.

How do I enable Unicode?

To insert a Unicode character, type the character code, press ALT, and then press X.

What is a Unicode example?

Numbers, mathematical notation, popular symbols and characters from all languages are assigned a code point, for example, U+0041 is an English letter "A." Below is an example of how "Computer Hope" would be written in English Unicode. A common type of Unicode is UTF-8, which utilizes 8-bit character encoding.

1 Answers

There's no security reason to not use certain characters. If you're properly handling all input, it doesn't make any difference whether you're only handling alphanumeric characters or Chinese.

It is easier to handle only alphnum usernames. You don't need to think about ambiguity with collations in your database, encoding usernames in URLs and things like that. But again, if you're properly handling it, there's no technical reason against it.

For practical reasons passwords are often only alphanumeric. Most password inputs don't accept IME input for example, so it's almost impossible to have a Japanese password. There's no security reason for disallowing non-alphanum characters though. On the contrary, the larger the usable alphabet, the better.

like image 157
deceze Avatar answered Oct 13 '22 01:10

deceze
Sign in to Comment

Related questions

Skipping PHP end tag [duplicate]
Getting the contents of a file with PHP FTP
How to know if the website being scraped has changed?
Safe way to store decryptable passwords
Wordpress database insert() and update() - using NULL values
Assert that request verb is POST
Anyone knows what the code snippet means below?
array_key_exists is not working
PHP: How to get creation date from uploaded file?
Import excel files with image in php/mysql
$settings array or Config Class to store project settings?
Repeat array to a certain length?
Working with files and utf8 in PHP
setting and extending Session Lifetime using Zend_Auth
PHP recursive function to delete all child nodes causes stackoverflow
PHP memory_get_usage
How can I use PHP to list all the dates in a year?
Facebook - how to go directly to the request permission dialog with an iframe app?
Easy Encryption and Decryption with PHP
With mysql_fetch_array I can easily count the rows returned. Can I do something similar with mysql_fetch_object?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!