On 19/09/2012 16:26, Martin B. Smith wrote:
On 09/19/2012 11:13 AM, Jan M. Dziewulski wrote:
Logging in should use case-sensitive passwords but not usernames (in my opinion).
Just a comment from the peanut gallery --the problem I see is that email addresses are not always usernames. For some places, they aren't even close.
*Many, many* authentication systems treat usernames as case sensitive, including kerberos and most implementations of LDAP I've seen. From what I've seen, many applications (before talking to anything on the backend) standardize the capitalization of a username (Shibboleth implementations, Drupal, etc).
Fair point. I have just been using systems where I log on to so much using my email address as a username (because I don't have a choice) that I have been too used to it. My point still remains about email addresses though.
On 19/09/2012 16:31, Michael Orlitzky wrote:
On 09/19/2012 11:13 AM, Jan M. Dziewulski wrote:
Whilst I appreciate case-sensitivity, I have *ALWAYS* thought of email addresses as being case-insensitive. i.e. joe@bloggs.com and JOE@BLOGGS.COM should go to exactly the same place. Logging in should use case-sensitive passwords but not usernames (in my opinion). I don't think this is a bug with RC but again, that is a personal opinion.
Regardless, some people do it, and it's required by the RFC. "How it should be" is irrelevant. Roundcube tries to work both ways; there's just a slight bug in the implementation. If it *didn't* try to support both ways, I wouldn't call it a bug.
Then the RFC has a bug in it (IMHO). And yes, I appreciate that if RC tries to do it in two different ways in different places, then it also has a bug.
-- Janek