Prevent homographic logins (impersonation)
completed by: dmitrig01
mentors: Dylan Tack
In Drupal, a user can impersonate someone else by using non-Latin characters in their username. For example, a user named "admin" can be impersonated by registering as "admin" with a Cyrillic small character "a".
Fixing this hole will make online communities safer. You'll learn to write Drupal modules, write unit tests, and safely handle Unicode text.
Deliverable
To prevent this type of attack, Drupal will need to trim and transliterate (convert to ASCII) each username, and store this value in the database. Before a new account can be created, the requested name will be checked to see if a similar user exists.
The deliverable will be a contributed module compatible with Drupal 7.x, including unit tests in the SimpleTest framework. The transliteration module should be used as a dependency.
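The trim, transliterate and compare flow described above, as an added example in plain PHP; it is not the module's code and uses no Drupal APIs. The function names, the small look-alike table (a stand-in for what the transliteration module would supply) and the case folding are assumptions, and it needs PHP 7 with mbstring.

```php
<?php
// Added example, plain PHP 7 with mbstring; no Drupal APIs. Names are hypothetical.

// Constructed stand-in for a transliteration table: a few Cyrillic and Greek
// letters that render like Latin ones. A real table is far larger.
const LOOKALIKES = [
  "\u{0430}" => 'a', // Cyrillic small a
  "\u{0435}" => 'e', // Cyrillic small ie
  "\u{043E}" => 'o', // Cyrillic small o
  "\u{0440}" => 'p', // Cyrillic small er
  "\u{0441}" => 'c', // Cyrillic small es
  "\u{0456}" => 'i', // Cyrillic small Byelorussian-Ukrainian i
  "\u{03BF}" => 'o', // Greek small omicron
];

// Reduce a username to the trimmed ASCII form that is stored and compared.
function canonical_username(string $name): string {
  // Invalid UTF-8 yields '' here, which register_user() rejects.
  if (!mb_check_encoding($name, 'UTF-8')) { return ''; }
  // Trim Unicode whitespace and separators (no-break space included).
  $name = preg_replace('/^[\s\p{Z}]+|[\s\p{Z}]+$/u', '', $name);
  // Case folding is an assumption of this example, so "Admin" equals "admin".
  $name = mb_strtolower($name, 'UTF-8');
  $name = strtr($name, LOOKALIKES);
  // Hex-escape whatever is still non-ASCII: the result is ASCII, and two
  // different unmapped names never collapse into the same string.
  return preg_replace_callback('/[^\x00-\x7F]/u', function ($m) {
    return '\\x' . bin2hex($m[0]);
  }, $name);
}

// Register $name unless its canonical form is already taken.
// $taken maps canonical form => name as registered (stands in for the DB column).
function register_user(string $name, array &$taken): bool {
  $key = canonical_username($name);
  if ($key === '' || isset($taken[$key])) {
    return false;
  }
  $taken[$key] = $name;
  return true;
}

// Constructed sample input: the second to fourth names imitate the first.
$taken = [];
$samples = ['admin', "\u{0430}dmin", "  Admin\u{00A0}", "\u{0430}dm\u{0456}n", 'dylan'];
foreach ($samples as $name) {
  $ok = register_user($name, $taken);
  printf("%-12s %s\n", canonical_username($name), $ok ? 'accepted' : 'rejected');
}
```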
Resources
Primary contact
grendzy
Drupal Issue
#85826: prevent homographic logins