williamleonard / obblm

Automatically exported from code.google.com/p/obblm

Having a drop down with all user names is a security issue #48

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Showing all usernames is a security issue, and makes it much easier for a
hacker to start his work. Also, in leagues with many users, the list can
get very long, and not very user friendly.

Original issue reported on code.google.com by syko...@gmail.com on 25 Mar 2009 at 9:43

GoogleCodeExporter commented 9 years ago
Don't really have any standpoint on this one.
Guess it's a security risk, but having a text-based field for usernames is also a security risk - only lower. Considering the "attention" obblm websites get, this has not really been any problem so far.
You may, of course, fix this issue yourself, if you have a strong opinion on this :-).

Original comment by Nimda...@gmail.com on 26 Mar 2009 at 12:06

GoogleCodeExporter commented 9 years ago
Since coachname = username the security won't be much better without a dropdown list.
I like the user-friendly part of having a dropdown list. ;-) It's a valid point that it can be messy to find your coachname if having lots of coaches in league. Lahatiel has the most number of coaches in his league I think? Do you experience any problems regarding this?

/Daniel

Original comment by blodae@gmail.com on 26 Mar 2009 at 9:19

GoogleCodeExporter commented 9 years ago
Usability is my field, and no, it is not user-friendly to have your username 2/3 down a dropdown list where you have to scroll :P

But as Nimda already stated, it is very easily fixed, so I can just fix this in my local install.

Original comment by syko...@gmail.com on 26 Mar 2009 at 9:46

GoogleCodeExporter commented 9 years ago
This is now a choosable option from settings.php.

Original comment by Nimda...@gmail.com on 26 Mar 2009 at 10:18