From d65d939f416f3e0d287a69250a2acb419ee19cc1 Mon Sep 17 00:00:00 2001 From: Neil Jenkins Date: Fri, 12 Apr 2024 12:51:56 +1000 Subject: [PATCH] sharing: Unicode is a proper noun --- rfc/src/sharing.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rfc/src/sharing.xml b/rfc/src/sharing.xml index 432662d..6476de8 100644 --- a/rfc/src/sharing.xml +++ b/rfc/src/sharing.xml @@ -396,7 +396,7 @@ for this principal that the user has access to, or null if none.
Spoofing Allowing users to edit their own Principal's name (and, to a lesser extent, email, description, or type) could allow a user to change their Principal to look like another user in the system, potentially tricking others into sharing private data with them. Servers may choose to forbid this, and SHOULD keep logs of such changes to provide an audit trail. -Note that simply forbidding the use of a name already in the system is insufficient protection, as a malicious user could still change their name to something easily confused with the existing name by using trivial misspellings or visually similar unicode characters. +Note that simply forbidding the use of a name already in the system is insufficient protection, as a malicious user could still change their name to something easily confused with the existing name by using trivial misspellings or visually similar Unicode characters.
Unnoticed sharing