Details
- Improvement
- Resolution: Unresolved
- Major - P3
- Server Security
Description
See the Unicode specification, chapter 3; section 3.11 discusses the canonicalization forms: http://www.unicode.org/versions/Unicode6.2.0/ch03.pdf
In essence, if a sophisticated user looking at two user or role names cannot distinguish them without looking at the sequence of code points used to encode them, applications and drivers will be at risk of producing the wrong byte string based on user input, preventing log-in, or identifying the incorrect user or role.
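The following added example (not part of the original ticket or of the server's code) shows the problem described above: two renderings of the same name that differ only in code points, and a store that canonicalizes before comparing. The choice of NFC is an assumption taken from the related issues; `NameRegistry`, `canonical_name`, `code_points` and the sample names are hypothetical.

```python
import unicodedata

def canonical_name(name: str) -> str:
    """Return the canonical form of a user or role name (NFC assumed)."""
    return unicodedata.normalize("NFC", name)

def code_points(name: str) -> str:
    """Render a name as its code point sequence, e.g. for audit logs."""
    return " ".join(f"U+{ord(ch):04X}" for ch in name)

class NameRegistry:
    """Hypothetical user/role store keyed by canonical name."""

    def __init__(self):
        self._by_canonical = {}

    def add(self, name: str) -> None:
        key = canonical_name(name)
        if key in self._by_canonical:
            # Same name under canonical equivalence: refuse the duplicate.
            raise ValueError(f"name already exists: {code_points(key)}")
        self._by_canonical[key] = name

    def lookup(self, name: str):
        return self._by_canonical.get(canonical_name(name))

# Constructed sample names: both display as "Renée".
COMPOSED = "Ren\u00e9e"      # precomposed U+00E9
DECOMPOSED = "Rene\u0301e"   # "e" followed by combining acute U+0301

def demo():
    """Return (raw bytes equal?, duplicate rejected?, lookup result)."""
    raw_equal = COMPOSED.encode("utf-8") == DECOMPOSED.encode("utf-8")
    registry = NameRegistry()
    registry.add(COMPOSED)
    try:
        registry.add(DECOMPOSED)
        duplicate_rejected = False
    except ValueError:
        duplicate_rejected = True
    return raw_equal, duplicate_rejected, registry.lookup(DECOMPOSED)

if __name__ == "__main__":
    print(code_points(COMPOSED))
    print(code_points(DECOMPOSED))
    print(demo())
```

NFC only merges canonically equivalent sequences; look-alike characters from different scripts (for example Cyrillic U+0430 in place of Latin "a") remain distinct after normalization.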
Issue Links
- is related to
  - SERVER-11601 SSL server hostname validation should use unicode canonicalization NFC (Backlog)
  - SERVER-10896 Enforce prohibition of embedded NULLs in role names. (Closed)
  - SERVER-10898 Passwords should be canonicalized according to unicode canonicalization NFC (Closed)