Are user names ever case sensitive?

Question

I'm looking at some code that converts user names to lower case, before storing them. I'm 90% sure this is ok, but are there systems out there that actually require case sensitivity on the user names (specifically in the health industry)?

Note: my particular code is not at the point of entry. We are taking user names from other systems. The worry I have is depending on those systems (which may or may not be under our control) to consistently pass us usernames in the same case as each other (when describing the same user).

Also of note - the code is:

userName.toLowerCase(Locale.ENGLISH)

Are all user names in english? Is this just so it matches collation in the database? Note that (in java at least) String.toLowerCase() is defined as String.toLowerCase(Locale.getDefault())

Answer 1

If your only goal is differentiating one user from another, it seems logical that you would want more than case to be a factor.

Answer 2

unix logins are case sensitive...

Are there any other systems that do this?

Answer 3

I have never encountered a system that enforced case-sensitivity on usernames (nor would I want to).

Most likely the code forces them lowercase at the point of entry as an attempt to prevent case-sensitivity problems later.

Answer 4

Lowercasing the user name using the English locale is bound to cause you problems. I would suggest lowercasing using the invariant culture.

Answer 5

toLowerCase has only one reason for it to accept a locale:

since small letter i has a dot in every standard language, the letter I is transformed to a i with a dot.

but in turkish, there is also a capital letter İ with a dot above. this is transformed to a small letter i.

the "regular" turkish capital I is transformed to a small ı - without a dot.

so, unless your turkish usernames are all called IiI1I1iiII, i would hardly worry about this.

every other language than turkish has a identical toLowerCaseImplementation. so you could chose Locale.ENGLISH or Locale.GERMAN or whatever..just make sure you do not pick turkish.

see the javadoc for more detailed information

edit: thanks to utku karatas i could/copy paste the correct glyphs in ths post.

Answer 6

It depends on context, but in the Informix dialect of SQL, there are 'owners' (basically equivalent to a schema in standard SQL), and how you write the owner name matters.

SELECT *
    FROM someone.sometable, "someone".sometable,
         SOMEONE.sometable, "SOMEONE".sometable

The two quoted names are definitely different; the two unquote names are mapped to the same name, which (depending on database mode) could be either of the other two. There is some code around which does case-conversion on the (unquoted) names. Fortunately, most of the time you don't need to specify the name, and when you do you write the name without quotes and it all works; or you write the name with quotes and are consistent and it all works. Occasionally, though, people like me have to really understand the details to get programs to work sanely despite all the hoops.

Also, (as Stephen noted) Unix logins are case-sensitive, and always have been. I believe Windows logins are mostly case-insensitive - but I don't experiment with that (there are too many ways to get screwed up on Windows without adding that sort trickery to the game).

If you really want to confuse someone on Unix, give them a numeric user name (e.g. 123) but give them a different UID (e.g. 234).

Answer 7

Kerberos, which can be used in Windows environments too, has case sensitivity problems. You can configure it in a certain way to ensure that case sensitivity issues will not arise, but it can go the other way too.

Answer 8

Using case sensitive username/passwords is an easy way to increase security, so the question is, how much do you care about security vs usability. Just keep in mind that the way your looking at solving the case insensitivity may have some localization problems, if you don't care then don't worry about it.