为什么用户名应该是不可更改的? [英] Why should usernames be unchangable?

问题描述

我到处都读到(并在实践中看到)用户名不应该改变.当我问为什么时，会给出安全"作为理由.

我一直在寻找关于为什么更改用户名不安全的明确答案，但我似乎找不到答案.

这里有安全经验的人能回答这个问题吗?

注意:如果您不知道答案，请不要猜测.我自己想了很多原因，但我不知道实际的答案，因此问题来了.

更新:
1:通过 userId 我的意思是指某种唯一标识符，无论是数据库记录 ID 还是其他一些唯一 ID.我多次被告知更改用户名不利于安全，即使用户名不是系统本身的主要/唯一标识符.

2:我确实允许用户更改他们的公共名称".这是用于向其他(非特权)用户标识用户的名称.例如:

<块引用>

用户 ID:1234
用户名:john02
公称:John Jameson
邮箱:j.jameson@dev.null

3:正如 Jason 和 The Rook，一致性似乎是唯一的好理由.我感觉这种最佳实践"可能是过去在系统中实际使用用户名来唯一标识用户时遗留下来的.

解决方案

出于安全方面的考虑，您可能不希望允许用户更改其名称的原因有很多.然而，作为一个全力以赴的永远不要这样做" - 我不一定同意.但是，允许更改名称会产生相当多的额外工作.如果您打算允许用户更改其身份，则必须非常小心，原因如下.

1. 保持一致的用户身份.假设您运行了一个留言板，并且 Troll_1 位于每个人的阻止列表中.如果 Troll_1 能够更改他或她的名字，那么所有这些用户过滤器都没有用，您会有一些不满意的用户.
2. 除了答案 1，您还希望在您的底层系统之间保持一致性.如果允许用户更改名称，您必须确保检查您是否更新该用户正在使用的每个系统，以便他或她不会失去(或获得)进入他们(或不允许)区域的权限.此外，如果用户更改了他或她的姓名，而新用户希望使用该姓名，则您可能会无意中允许该新用户访问旧用户的信息/数据/如果您在更新系统时没有进行尽职调查.
3. 根据您拥有的系统类型，从欺诈的角度来看，允许某人更改其用户名可能会使您的系统容易被滥用.您可以让某人假装是两个不同的人来回切换他们的名字以试图欺骗某人.一个不知情的受害者很容易上当.(我知道这听起来很愚蠢，但我见过有人想出更疯狂的废话.)

无论如何，正如我所说的 - 我不认为允许用户更改他们的名字一定是件坏事.但是，它确实为您(开发人员)带来了更多的工作.用户名现在不能是数据库中的唯一 ID，并且用户名现在不一定与某人相关(因为它们以后可以更改)，因此您必须有一个不同的系统来表达唯一性".

I read everywhere (and see in practice) that usernames should not be changeable. When I ask why, 'security' is given as a reason.

I've been searching for a definitive answer as to why changing a username is insecure, but I can't seem to find the answer.

Could any of the security experienced people here answer this question?

Note: if you do not know the answer, please refrain from speculation. I've thought of a number of reasons myself, but I don't know the actual answer, hence the question.

UPDATE:
1: By userId I meant to refer to some sort of unique identifier, be it a database record id or some other unique id. I've been told several times that changing the username is bad for security, even if the username is not the primary/unique identifier for the system itself.

2: I do allow users to change their 'public name'. This is the name that is used to identify the user to the other (non-privileged) users. for example:

userId: 1234
username: john02
public name: John Jameson
email: j.jameson@dev.null

3: As pointed out by Jason and The Rook, consistency seems the only good reason. I've the feeling this 'best practice' might be a leftover from somewhere in the past when usernames where actually used within the system to uniquely identify users.

解决方案

There are a number of reasons from a security aspect that you may not wish to allow users to change their names. However, as an all-out "NEVER do this" - I don't necessarily agree. But, allowing name changes creates quite a bit of extra work. If you are going to allow users to change their identities, you have to be very careful due to the reasons below.

1. Maintaining a consistent user identity. Let's say you run a message board and Troll_1 is on everybody's block list. If Troll_1 is able to change his or her name, then all those user filters are no good and you have some unhappy users.
2. Along with answer number 1, you also want to maintain consistency across your underlying systems. If users are allowed to change names, you have to make sure you check that you either, update every system that that user is using so that he or she does not lose (or gain) permissions into areas they are (or are not) allowed. Additionally, if a user changes his or her name and a new user wishes to use that name, you may, inadvertently, allow that new user access to the old user's information/data/whatever if you have not done due diligence in updating your systems.
3. Depending on what type of system you have, allowing someone to change their user name can make your system prone to abuse from a fraud standpoint. You could have someone switching their name back and forth pretending to be two different people in an attempt to scam someone. An unaware victim may easily fall for it. (Sounds stupid, I know, but I have seen people come up with crazier crap.)

Anyway, as I said - I don't believe it's necessarily a bad thing to allow users to change their names. However, it does create quite a bit more work for you, the developer. User names now can't be unique IDs in a database and user names now don't necessarily relate to someone (because they can be changed later), so you have to have a different system in place for expressing "uniqueness."

这篇关于为什么用户名应该是不可更改的?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！