future-tense/stargazer

federated names for getstargazer.com aren't case-insensitive

Closed this issue · 1 comments

Federated names for getstargazer.com aren't case-insensitive, right? Isn't this a bad idea?

e.g. If Jed McCaleb's address is StellarFounderSTARgetstargazer.com, some malicious person could trick a user into donating to a fake stellarfounderSTARgetstargazer.com address instead.

I've solved this by removing the federation functionality from the app. You can still use the already registered names, but you can't register new ones.

I might move it to the website instead, but if not, there are plenty of other federation services out there