views:

103

answers:

3

Using the Django framework, I've built a user-based web application. After some time, my client requested that the application disallow creating usernames that contain users' last names.

I have two questions:

  1. Is it possible to do this reliably, always catching someone trying to register a username containing their last name, which is also present as a sign-up field? (My understanding and experience is that users can easily subvert this and still make the username look like their last name just by adding special characters or integers.)

  2. What would be the best way to do this?

A: 

I don't think you can accomplish this withoud knowing their last name first. For example if I can make my username:

joevasquez OR jvasquez OR vasquezj OR vasquez...

There are no rules on what constitutes someome's last name. What if someone's last name is joe? It's not like filtering swearwords.

What is the reason behind this request? If it's privacy you can inform the user, but I don't think you can stop people from using their last names.

jobscry
whoops, forgot their last name is in the registration. cpharmston's spot on.
jobscry
The reason is privacy, and I think in the end it might be better to go with a social solution and inform the user upfront than to rely on a programming technique and show them errors.
+3  A: 

Try creating a custom validation rule. The function (which would be a member method of a subclass of django.forms.Field) might look something like this:

def validate(self, value):
    if len(re.findall(self.lastname,value)) > 0:
        raise forms.ValidationError('Your username may not contain your last name.')
    return value
cpharmston
But it still is possible to subvert this by using something like this: "and3rson" (last name "Anderson"). While it is simple to look for exact string, users will find a way to add their last name to username in some form anyway. I guess the big question is whether this is a good idea in their first place.
A: 

You can simply have your app autogenerate the usernames? Or use email as username?

nabucosound
Users need to choose usernames that are memorable to them, so I'm not sure that autogenerating them is the best option. As far as using email address, 2 or more people can share one.