| ▲ | cyberax 4 hours ago | |||||||
This is just a dirty fix. It adds weird restrictions and masks issues. Refactoring external invocations to use safe argument handling is a better way to fix it. Along with tests that exercise weird names. | ||||||||
| ▲ | raggi 2 hours ago | parent | next [-] | |||||||
http://github.com/tailscale/tailscale/commit/e4144230f410204... | ||||||||
| ▲ | sedatk 4 hours ago | parent | prev [-] | |||||||
I argue the opposite: there’s no better fix for this. You can write the most elegant fix, whatever it is, and prevent that from happening only on the codebase that’s fixed. That doesn’t mean that the codebase will always be the only authority on authentication. The username policy fixes this issue for good, regardless of whatever you write in the future, or whatever new mechanism is introduced. It’s a restriction for sure, but it’s not a nonsense restriction? Who would have a username starting with a hyphen? I didn’t even know it was possible until today. | ||||||||
| ||||||||