|Anonymous | Login | Signup for a new account||2015-11-28 14:01 CET|
|Main | My View | View Issues | Change Log | Roadmap|
|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0003719||unreal||ircd||public||2008-08-14 14:35||2013-01-13 15:35|
|Target Version||Fixed in Version|
|Summary||0003719: UTF-8 charset in UnrealIRCd 3.3|
|Description||I'd like to see UTF-8 support for nicks in UnrealIRCd 3.3. It's extremely difficult to find an IRCd that supports this, and the only one I know of can't be found on Google to download.|
I believe I'd find it a good feature for when our network gets more, various users.
(if it's already discussed before, I brought this up again because I couldn't find anything for UnrealIRCd 3.3)
|Tags||No tags attached.|
|3rd party modules|
IRCds don't normally allow UTF-8 in nicks due to the simple reason that anyone can use alternate UTF characters that look like other characters to spoof the appearance of another user.
For example, my nick (Stealth) can have up to 127 possible fakes with UTF-8. So that means someone can load up to 127 clones with UTF-8 nicks all looking like "Stealth".
Or what if someone with a similar host wants to pretend to be me to get my password?
Or harass another user?
Or carry out some other form of abuse?
Then you have the other issues with upper and lower case characters - the same problems are present there as well. Unreal has a setting to enable other character maps for this purpose (set::allowed-nickchars), and that's even questionable because of the issues mentioned above.
|I agree with you Stealth, but that's why you can make the user to use only one encoding in his nickname, like: only cyrillic, only arabic or only chinese, and can't mix them. Because if in future is like that, if I start mixing cyrillic with latil letters, as you said, I can get a lot of "fakes".|
|this is very useful because people will not need to press key combination of changing heyboard layot, to mention other users.|
edited on: 2013-01-09 20:47
There's a document called 'Unicode Security Considerations' which deals with exactly this: http://www.unicode.org/reports/tr36/ [^]
I lost my other link but there are also functions that can see which characters are identical or very similar.
NFKC, comnbined with 'case folding' to make it case insensitive.
If I understand correctly that should solve most if not all of the security concerns (look alike characters).
Of course, there are plenty of other things that still have to be solved/done before you have UTF8 support...
|2008-08-14 14:35||para_1461||New Issue|
|2008-08-15 00:54||Stealth||Note Added: 0015361|
|2008-08-15 00:54||Stealth||Status||new => feedback|
|2008-08-28 01:12||Stealth||Relationship added||has duplicate 0003723|
|2010-10-29 16:26||n0kS||Note Added: 0016393|
|2012-04-22 14:20||qdinar||Note Added: 0016984|
|2013-01-09 11:10||syzop||Note Added: 0017339|
|2013-01-09 20:45||syzop||Note Edited: 0017339||View Revisions|
|2013-01-09 20:47||syzop||Note Edited: 0017339||View Revisions|
|Copyright © 2000 - 2015 MantisBT Team|