Currently there is no restriction on characters in a username, which can result in security issues if the value of the username is not handled properly post authentication. Example:
Would you be open to allowing only alphanumeric + _ , or alternatively to let the auth module take a username validator as an optional parameter to decide the allowed character set?
Currently there is no restriction on characters in a username, which can result in security issues if the value of the username is not handled properly post authentication. Example:
Would you be open to allowing only alphanumeric +
_
, or alternatively to let the auth module take a username validator as an optional parameter to decide the allowed character set?