[openstreetmap/openstreetmap-website] prevent copycats during registration (#1419)
Andy Allan
notifications at github.com
Tue Jan 31 11:14:31 UTC 2017
> That's just ridiculous. How on earth are we supposed to programatically determine what constitutes a "copycat" account? Or should we just send them all for your personal review?
That's an unhelpful comment.
> suppress fiddling with unicode to impersonate legit osm users
We already support some measures to prevent copycat account names (specifically, you are no longer allowed a name which are case-insensitive duplicates, see https://github.com/openstreetmap/openstreetmap-website/blob/34d663f01af07033dfca697ad607cb473aa70e40/app/models/user.rb#L41-L42 . We can extend this idea to cover other unicode-based normalisation approaches, e.g. e-acute vs e-with-combining-acute, duplicated Unicode characters (see https://en.wikipedia.org/wiki/Duplicate_characters_in_Unicode) and homoglyphs or near-homoglyphs (see https://en.wikipedia.org/wiki/Homoglyph).
The best approaches will be to work with whatever functions are available through PostgreSQL, e.g. [unaccent()](https://www.postgresql.org/docs/current/static/unaccent.html), or ruby, e.g. [unicode_normalize](https://ruby-doc.org/stdlib-2.2.1/libdoc/unicode_normalize/rdoc/String.html) or if there are suitable rubygems. We shouldn't attempt to build our own unicode normalisation rules!
Finally, the best long-term solution will be to include the account id in the URL, so that even the most creative of duplicate display names are easily distinguishable as separate accounts.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/1419#issuecomment-276337054
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20170131/93f52ac7/attachment.html>
More information about the rails-dev
mailing list