lauramengel
commented
6 years ago This is fine as an option for 8.8.10. You have mitigated the risk of spoofing an SSO or cert account by not allowing special characters in the created username, so an SSO or cert username cannot be entered.
This would be useful for instances where Basic Auth still exists since these accounts are not verified to have the right name or e-mail address. Spoofing is possible.
To be considered for 8_8_10, probably.