Name Blacklist
Users have a 'name' attribute on their corresponding Person object. This is a short, unique ASCII name suitable for use in URLs and as a short identifier. It is also possible to login using this name. Ubuntites will also get <email address hidden> email addresses.
We want to stop users being able to change their names to known confusing or dangerous terms, such as 'root', 'administrator', 'ubuntu', 'canonical' etc. We also need to ensure that names do not conflict with any manually added email aliases in the @ubuntu.com domain or well known names required by RFCs such as 'abuse' or 'postmaster'.
This same blacklist should be used for other pillar names like project, product and distribution to avoid confusion and social engineering attacks.
Blueprint information
- Status:
- Complete
- Approver:
- Mark Shuttleworth
- Priority:
- High
- Drafter:
- Stuart Bishop
- Direction:
- Needs approval
- Assignee:
- Stuart Bishop
- Definition:
- Obsolete
- Series goal:
- None
- Implementation:
- Good progress
- Milestone target:
- None
- Started by
- Stuart Bishop
- Completed by
- Curtis Hovey
Related branches
Related bugs
Bug #56669: Users shouldn't be able to change or register blacklisted names. | Fix Released |
Whiteboard
Done and rolled out except for a web ui.
Work Items
Dependency tree
* Blueprints in grey have been implemented.