Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 7 of 7
  1. #1
    Senior Coder doubledee's Avatar
    Join Date
    Mar 2011
    Location
    Arizona
    Posts
    1,048
    Thanks
    25
    Thanked 0 Times in 0 Posts

    Case-Sensitivity

    Should a Member Username and Member Password be case-sensitive????

    (I always assumed they were in MySQL?!)

    Sincerely,


    Debbie

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    Password is irrelevant since it'll be hashed. Sensitivity matters in a hash.
    Usernames are debatable. Especially if two users with the same name in different cases happen to have identical passwords.
    You can enable case sensitivity by either using the COLLATE directly within your queries where clause, or by using a *_CS collation when building the table.

    Personally, I'd say usernames should be case insensitive. Store them as given, but search for insensitively. Unlike an email address where case does matter, companies like google still consider both FouLu and foulu to be the same user account. Same deal, it eliminates the complexity and problems with case sensitive usernames.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #3
    Master Coder felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Posts
    6,592
    Thanks
    0
    Thanked 645 Times in 635 Posts
    Quote Originally Posted by Fou-Lu View Post
    Unlike an email address where case does matter
    Surely case doesn't matter for email addresses since they all still work whether in all uppercase, all lowercase or anything in between.
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.

  • #4
    Senior Coder doubledee's Avatar
    Join Date
    Mar 2011
    Location
    Arizona
    Posts
    1,048
    Thanks
    25
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Fou-Lu View Post
    Password is irrelevant since it'll be hashed. Sensitivity matters in a hash.
    Yeah, but if I type in that my password is "HotMama", should I be able to successfully log in if I enter "hotmama" later?


    Quote Originally Posted by Fou-Lu View Post
    Usernames are debatable. Especially if two users with the same name in different cases happen to have identical passwords.
    You can enable case sensitivity by either using the COLLATE directly within your queries where clause, or by using a *_CS collation when building the table.

    Personally, I'd say usernames should be case insensitive. Store them as given, but search for insensitively. Unlike an email address where case does matter, companies like google still consider both FouLu and foulu to be the same user account. Same deal, it eliminates the complexity and problems with case sensitive usernames.
    While testing my form - which looks for taken Usernames - that while I already had a "DoubleDee" user, that my form complained when I typed in "doubledee" because MySQL said it was the same thing (i.e. a Dup).

    I think on here, when you log in, case doesn't matter for the Username, but it seems to me that it does matter on the Password.

    How should a Password behave?

    Sincerely,


    Debbie

  • #5
    Senior Coder djm0219's Avatar
    Join Date
    Aug 2003
    Location
    Wake Forest, North Carolina
    Posts
    1,292
    Thanks
    4
    Thanked 202 Times in 199 Posts
    Quote Originally Posted by doubledee View Post
    Yeah, but if I type in that my password is "HotMama", should I be able to successfully log in if I enter "hotmama" later?
    No, those are 2 different passwords and the hash for them will be different.
    Dave .... HostMonster for all of your hosting needs

  • #6
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    Quote Originally Posted by felgall View Post
    Surely case doesn't matter for email addresses since they all still work whether in all uppercase, all lowercase or anything in between.
    According to RFC-5321:
    2.4. General Syntax Principles and Transaction Model
    . . .
    Verbs and argument values (e.g., "TO:" or "to:" in the RCPT command
    and extension name keywords) are not case sensitive, with the sole
    exception in this specification of a mailbox local-part (SMTP
    Extensions may explicitly specify case-sensitive elements). That is,
    a command verb, an argument value other than a mailbox local-part,
    and free form text MAY be encoded in upper case, lower case, or any
    mixture of upper and lower case with no impact on its meaning. The
    local-part of a mailbox MUST BE treated as case sensitive
    .
    Therefore, SMTP implementations MUST take care to preserve the case
    of mailbox local-parts. In particular, for some hosts, the user
    "smith" is different from the user "Smith". However, exploiting the
    case sensitivity of mailbox local-parts impedes interoperability and
    is discouraged. Mailbox domains follow normal DNS rules and are
    hence not case sensitive.
    Local part (the foulu in foulu@host.com) must be treated case sensitive. If the host determines otherwise, that's their prerogative.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #7
    New Coder
    Join Date
    Oct 2013
    Posts
    12
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Local part (the foulu in foulu@host.com) must be treated case sensitive. If the host determines otherwise, that's their prerogative.
    So basically; it should be case sensitive, but it might not be. :-)

    I've never seen a case sensitive email address. I'd go for the "store as given, compare case insensitive" option.

    Passwords must be case sensitive, simply because the distinction between upper and lowercase doubles the number of usable characters and you want to allow as many characters as possible in a password. As other have said: this is solved by the hash that you use to store the password (you do hash your passwords, right? )

    Usernames; never case sensitive.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •