I am working on a website where people will be able to create their own profile which will be accessible by the URL http://mydomain.com/username.
While I was writing my code to validate user names I started thinking about all the awful user names people could choose.
Not just rude words, but things like folder names (whether actual names or not), or official-sounding words could be used to deceive people into thinking their profile page was some sort of official page instead. For example, if I chose the user name "administrator" other site users might be misled that the person is some sort of site administrator.
Just looking for recommendations to avoid these problems. At present I have a blacklist in place to prevent certain terms from being used (120 and counting), but I wonder if there is any better way to do this.
I know I could change the URL to http://mydomain.com/profile/username but would prefer to keep the URL simpler. This is how Facebook and other sites do this too of course.
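An added example, not part of the original post: one way to harden a blacklist check like the one described above is to validate against an allow-list format first, then compare a normalized form of the name against reserved route names and official-sounding terms. The term lists, the length limits and the function name `check_username` are assumptions made for illustration.

```python
import re
import unicodedata

# Constructed sample lists (assumptions); a real site would load its own.
RESERVED_PATHS = {"login", "logout", "static", "images", "css", "js", "api", "profile"}
OFFICIAL_TERMS = {"admin", "administrator", "support", "moderator", "staff", "root"}

# Allow-list: 3-20 chars, starts and ends alphanumeric, no doubled separators.
USERNAME_RE = re.compile(r"[a-z0-9](?:[a-z0-9]|[._-](?=[a-z0-9])){2,19}")

# Digit look-alikes folded only for comparison, never for the stored name.
LEET = str.maketrans("013457", "oieast")


def check_username(raw):
    """Return (True, canonical_name) or (False, reason)."""
    # NFKC folds full-width and other compatibility forms to plain characters.
    name = unicodedata.normalize("NFKC", raw).casefold()
    if not USERNAME_RE.fullmatch(name):
        return False, "format"
    if name in RESERVED_PATHS:
        return False, "reserved-path"
    # Compare a skeleton so "adm1n" and "site.admin" hit the same rule as "admin".
    skeleton = re.sub(r"[._-]", "", name).translate(LEET)
    for term in OFFICIAL_TERMS:
        # Prefix/suffix match instead of substring keeps "badminton" usable.
        if skeleton.startswith(term) or skeleton.endswith(term):
            return False, "official-term"
    return True, name


if __name__ == "__main__":
    for candidate in ["alice_92", "Adm1n", "images", "site.admin", "badminton", "../etc"]:
        print(candidate, check_username(candidate))
```

Storing the returned canonical name and enforcing uniqueness on it keeps two visually identical names from mapping to different profile URLs.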