Wouldn't the string of allowed characters be gigantic? There are 95,156 characters in Unicode 3.2, though I'm unsure how many would be needed on an "allowed" characters list. Perhaps for limited situations, like (A-Z,-,@), this might work.
Kenneth M. Kolano Technology Architecture & Innovation 908-423-4241 WS1B-51B -----Original Message----- From: Elias Torres [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 16, 2005 1:19 PM To: [email protected] Subject: Re: Safe UserName characters Sounds good to me. If the route will be to allow characters on a configurable basis then I think it makes more sense to place the config option in the ApplicationResources.properties. Thanks! Elias On 8/16/05, Lance Lavandowska <[EMAIL PROTECTED]> wrote: > How about using ApplicationResources.properties to store the string of > allowed characters? This will allow you to customize as you wish for > the moment (your suggested string should not pose a problem) and will > allow languages other than English to specify any additional > characters they like. > > I don't know how this will interact with the I18N/authentication > problem Anil mentions, but wouldn't this allow those with expertize in > their a particular language (and how it interacts with Http/Tomcat) > make the decision? > > Lance > > On 8/16/05, Elias Torres <[EMAIL PROTECTED]> wrote: > > Any decision on this need I have regarding safe characters? Did you > > decide whether you would include the ability to specify allowed > > characters (snippet included by me) or to remove the restriction on > > some characters because of your i18n work on Roller? > > > > We are trying to decide if we use Roller again inside for IBM weblogs, > > but I would not like to fork the code again and instead be using the > > latest releases from SVN. The more flexible you are with us, the > > easier our decision will be and less changes we'll have to maintain > > separate from the main repository. > > > > I'll definitely have more requests coming if we decide to go with Roller. > > > > Elias > > > > On 8/9/05, Anil Gangolli <[EMAIL PROTECTED]> wrote: > > > > > > A bit of caution, oddly related to the authentication mechanism topic. > > > One of the stopping points has been problems in the form authentication > > > chain, currently used by Roller. Tomcat forces ISO-8859-1 for this. > > > > > > (There's a bug filed about it but I can't quote the number because I > > > can't seem to get to our Jira site right now. The bug says something > > > about character corruption when going through login; it's high on the > > > "importance list," assigned to Dave with lots of comments from me while > > > I went through analyzing it.) > > > > > > We may be able to address it for Tomcat with a Valve, but not sure how > > > other containers will behave. > > > > > > --a. > > > > > > Elias Torres wrote: > > > > > > >On 8/8/05, Lance Lavandowska <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > >>I think alphanumeric was chosen because it is known "websafe" but > > > >>there are obviously other characters that can safely be put in a URL, > > > >>such as the ones you list below. > > > >> > > > >>Since we are now encoding our URLs more thoroughly (for I18N support) > > > >>perhaps we can drop this requirement? I haven't looked thoroughly to > > > >>support this question/claim. > > > >> > > > >>Lance > > > >> > > > >> > > > > > > > >That would be even better! > > > > > > > >Thanks Lance. > > > > > > > >Elias > > > > > > > > > > > > > > > >>On 8/8/05, Elias Torres <[EMAIL PROTECTED]> wrote: > > > >> > > > >> > > > >>>Is there/should there be an option to allow other than alphanumeric > > > >>>characters in usernames other than commenting a few lines in > > > >>>UserBaseAction. At IBM we use email addresses as Roller IDs (because > > > >>>usernames are not globally unique, except at the country level). > > > >>> > > > >>>I've written a piece of code to make this work if you are interested. > > > >>>It uses commons-lang CharSetUtils. > > > >>> > > > >>>roller.properties > > > >>>[EMAIL PROTECTED] > > > >>> > > > >>>UserBaseAction.java > > > >>> > > > >>>protected static String DEFAULT_ALLOWED_CHARS = "A-Za-z0-9"; > > > >>> > > > >>>UserBaseAction#validate() > > > >>> > > > >>>String allowed = RollerConfig.getProperty("username.allowedChars"); > > > >>>if(allowed == null || allowed.trim().length() == 0) { > > > >>> allowed = DEFAULT_ALLOWED_CHARS; > > > >>>} > > > >>> > > > >>>String safe = CharSetUtils.keep(form.getUserName(), allowed); > > > >>> > > > >>>Regards, > > > >>> > > > >>>Elias > > > >>> > > > >>> > > > >>> > > > > > > > > > > > > > > > > > > > > > > > > > > > > ------------------------------------------------------------------------------ Notice: This e-mail message, together with any attachments, contains information of Merck & Co., Inc. (One Merck Drive, Whitehouse Station, New Jersey, USA 08889), and/or its affiliates (which may be known outside the United States as Merck Frosst, Merck Sharp & Dohme or MSD and in Japan, as Banyu) that may be confidential, proprietary copyrighted and/or legally privileged. It is intended solely for the use of the individual or entity named on this message. If you are not the intended recipient, and have received this message in error, please notify us immediately by reply e-mail and then delete it from your system. ------------------------------------------------------------------------------
