Skip to content

[stable23] strtolower on mail address #882

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ArtificialOwl merged 1 commit into from
Dec 23, 2021
Merged

[stable23] strtolower on mail address #882

ArtificialOwl merged 1 commit into from
Dec 23, 2021

Conversation

@backportbot-nextcloud
Copy link

@backportbot-nextcloud backportbot-nextcloud bot commented Dec 23, 2021

backport of #875

@ArtificialOwl @backportbot
strtolower on mail address
df99732 
Signed-off-by: Maxence Lange <[email protected]>
@backportbot-nextcloud backportbot-nextcloud bot added this to the Nextcloud 23.0.1 milestone Dec 23, 2021
@ArtificialOwl ArtificialOwl merged commit 2f54808 into stable23 Dec 23, 2021
@delete-merged-branch delete-merged-branch bot deleted the backport/875/stable23 branch December 23, 2021 16:13
@skjnldsv skjnldsv mentioned this pull request Jan 7, 2022
Merged
6 tasks
@lars-becker
Copy link

lars-becker commented Jan 9, 2022
edited
Loading

@skjnldsv @ArtificialOwl

This could cause problems. According to RFC 2822 section 3.4.1 the local part COULD differentiate between upper case and lower case in a way that both addresses are handled differently and lead to two different mailboxes. The standard would allow this and this could be a potential privacy issue because lowercasing could in those cases disclose mail for one inbox owner to another. I guess it's not that likely, but in theory its conceivable: which in turn also could lead to legal problems like "Verletzung des Fernmeldegeheimnis" in germany.

I'm not sure how likely it is that this will happen nowadays, but I know this problem because i had it once some twenty years ago when RFC 822 was current. RFC 2822 would still allow it; so a clean implementation only should normalize the domain part.

@ArtificialOwl
Copy link
Member

ArtificialOwl commented Jan 10, 2022

Is it really an issue as it will only prevent to add another user with the same mail address (but different case) ?

@lars-becker
Copy link

lars-becker commented Jan 10, 2022

Is it really an issue as it will only prevent to add another user with the same mail address (but different case) ?

Well I guess then one could argue that it's sufficient to handle this problem when it occurs; which won't be often.

This was referenced Jan 20, 2022
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ArtificialOwl ArtificialOwl ArtificialOwl approved these changes

@mejo- mejo- Awaiting requested review from mejo-

Assignees

No one assigned

Labels

bug

Projects

None yet

Milestone

Nextcloud 23.0.1

Development

Successfully merging this pull request may close these issues.

3 participants

@lars-becker @ArtificialOwl