id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
36476	Homoglyph attacks	Mike Lissner		"We have a vulnerability disclosure policy on our website and got a report today that our system allows usernames with [https://en.wikipedia.org/wiki/Homoglyph homoglyphs]such that somebody can impersonate another user by using unicode characters. We use the django auth system, so I thought I'd take this upstream a bit. 

I'm did a little digging and didn't see anywhere this was discussed. 

Two thoughts: 
1. Is this something Django has thought about? 
2. If we find a general solution for it (I haven't researched it yet), is a PR to prevent homoglyphs welcome? 

Thanks all! "	Uncategorized	closed	contrib.auth	5.1	Normal	wontfix	unicode		Unreviewed	0	0	0	0	0	0