Monthly Archives: July 2016

Don’t overlook username limitations

Photo Credit: https://500px.com/bruceruns2

One thing I often see overlooked when building a website with user profiles is restricting which usernames can be registered. The obvious names to exclude are ones like ‘admin’, ‘staff’, and ‘system’, but I’d suggest an even wider blacklist. If your website offers shorter profile URLs (site.com/username vs site.com/users/username) or virtual subdomains (username.site.com), the list should also include names like ‘account’, ‘secure’, and ‘redirect’.
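One way to implement such a check, as an added example rather than code from this post. It goes beyond a plain list lookup by normalizing case, Unicode compatibility forms, hyphens and digit look-alikes before comparing; the reserved set holds only the names mentioned above, and the character rules, look-alike map and function names are assumptions.

```python
import re
import unicodedata

# Names from the post; a production list would be wider.
RESERVED = {"admin", "staff", "system", "account", "secure", "redirect"}

# Assumption: a username doubles as a URL path segment and a DNS label,
# so allow only a-z, 0-9 and inner hyphens, 3 to 30 characters.
LABEL_RE = re.compile(r"[a-z0-9][a-z0-9-]{1,28}[a-z0-9]")

# Assumption: digits and letters commonly used to imitate other letters.
LOOKALIKES = str.maketrans("013l5", "oieis")


def canonical(raw):
    """Fold Unicode compatibility forms and case (fullwidth 'ADMIN' -> 'admin')."""
    return unicodedata.normalize("NFKC", raw).casefold().strip()


def skeleton(name):
    """Comparison-only form: drop hyphens, map look-alikes to one letter."""
    return name.replace("-", "").translate(LOOKALIKES)


RESERVED_SKELETONS = {skeleton(word) for word in RESERVED}


def check_username(raw):
    """Return None if the name may be registered, else the rejection reason."""
    name = canonical(raw)
    if not LABEL_RE.fullmatch(name):
        return "invalid characters or length"
    if skeleton(name) in RESERVED_SKELETONS:
        return "reserved name"
    return None


if __name__ == "__main__":
    # Constructed sample inputs: plain, mixed case, fullwidth, look-alike
    # digit, hyphenated, and one with a Cyrillic first letter.
    samples = ["alice", "Admin", "\uff21\uff24\uff2d\uff29\uff2e",
               "s3cure", "re-direct", "\u0430dmin"]
    for sample in samples:
        print(repr(sample), "->", check_username(sample))
```

Store the `canonical(raw)` form and enforce uniqueness on it, so that two spellings of the same name cannot both be registered.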

Security isn’t easy. Hopefully this helps you add yet another layer of protection to your site or client project. Username blacklists – added to the checklist.