| ▲ | afiori 6 hours ago |
| Forbidding users to use your service to propagate "litte bobby tables" pseudo-pranks is likely a good choice. The choice is different if like most apps you are almost only a data sink, but if you are also a data source for others it pays to be cautious. |
|
| ▲ | dcow 6 hours ago | parent [-] |
| I think it’s more of an ethical question than anything. There will always be pranksters and there will never be perfect input validation for names. So who do you oppress? The people with uncommon names? Or the pranksters? I happen to think that if you do your job right, the pranksters aren’t really a problem. So why oppress those with less common names? |
| |
| ▲ | afiori 5 hours ago | parent [-] | | I am not saying to only allow [a-zA-Z ]+ in names, what I am Saying is that it is ok to block names like "'; drop table users;" or "<script src="https://bad.site.net/></script>" if part of your business is to distribute that data to other consumers. | | |
| ▲ | dcow 5 hours ago | parent [-] | | And I’m arguing, rhetorically, what if your name produces a syntax error—or worse means something semantically devious—in the query language I’m using? Not all problems look like script tags and semicolons. | | |
| ▲ | foldr 3 hours ago | parent [-] | | It's a question of intent. There aren't any hard and fast rules, but if someone has chosen their company name specifically in order to cause problems for other people using your service, then it's reasonable to make them change it. |
|
|
|
