[geeklog-devtalk] Remote Authentication ;-)

Vincent Furia vfuria at gmail.com
Fri Feb 4 17:21:09 EST 2005


On Fri, 4 Feb 2005 22:35:36 +0100, Dirk Haun <dirk at haun-online.de> wrote:

> Vinny,
>
> >i.e. mynameismike1234-5678 will be the same as mynameismike1234-8765
> >in our database. That would be a BAD THING(TM).
>
> Why exactly? As I said before, once you're past the authentication, it
> shouldn't matter how many users there are that have identical usernames
> since we identify them by UID.
>


Take this scenario:

1. mynameismike1234-5678 logs in (via authentication), he gets a
unique uid of 6, his username for the geeklog site is
mynameismike1234 at blogger.com
2. mynameismike1234-5678 logs out
3. mynameismike1234-8765 logs in (via authentication), the system sees
that his username matches mynameismike1234 at blogger.com who already has
an account established. He is therefore uid 6 also (but his password
may or may not work depending on the implementation, do we go through
the API to authenticate every time or just on the first login?)

Anyway, since we don't store the full blogger username anywhere, when
these users log back in we have no way to differentiate between them.

Also using display names won't work either because they are non-unique.

Also, all this brings up the question: shouldn't usernames be unique?
Two people can't share the same username (how would they log in?).

-Vinny
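
The scenario above replayed in code, as an added example that is not part of the original message and is not Geeklog code. The store classes, the 16-character cut and the starting uid of 6 are assumptions drawn from the sample usernames, and each `login` call stands for a remote authentication that has already succeeded.

```python
# Added illustration; not Geeklog code. Class names and the 16-character
# truncation are assumptions based on the sample usernames in the message.
from itertools import count

TRUNCATE_AT = 16  # assumed: the two sample names share their first 16 chars


class TruncatedKeyStore:
    """Finds accounts by the shortened local username only."""

    def __init__(self, first_uid=6):
        self._uids = count(first_uid)
        self.by_local_name = {}

    def login(self, service, remote_name):
        local = f"{remote_name[:TRUNCATE_AT]}@{service}"
        if local not in self.by_local_name:
            self.by_local_name[local] = next(self._uids)
        return self.by_local_name[local]


class FullIdentityStore:
    """Keys accounts on (service, full remote username); short name is display-only."""

    def __init__(self, first_uid=6):
        self._uids = count(first_uid)
        self.by_identity = {}
        self.display = {}

    def login(self, service, remote_name):
        key = (service.lower(), remote_name)
        if key not in self.by_identity:
            uid = next(self._uids)
            self.by_identity[key] = uid
            self.display[uid] = f"{remote_name[:TRUNCATE_AT]}@{service}"
        return self.by_identity[key]


def replay(store):
    """Replay the logins from the scenario and return the uid each user gets."""
    first = store.login("blogger.com", "mynameismike1234-5678")
    second = store.login("blogger.com", "mynameismike1234-8765")
    return first, second


if __name__ == "__main__":
    print("truncated key:", replay(TruncatedKeyStore()))
    print("full identity:", replay(FullIdentityStore()))
```

With the full remote identity as the lookup key, the two users can still show the same short display name while mapping to different uids.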


