[ZendTo] Limit authentication by user-name

John Thurston john.thurston at alaska.gov
Wed Jun 15 21:08:42 BST 2022

We expect internal users to authenticate to ZendTo to perform their 
transfers. There is a subset of accounts we think should _not_ be 
allowed to authenticate. These accounts are recognizable because their 
usernames end with magic strings:

I see 'usernameRegexp' in the config file:
   // Regular expression defining a valid username for the Login page.
   // Usually no need to change this.
   'usernameRegexp'    => '/^([a-zA-Z0-9][a-zA-Z0-9\_\.\-\@\\\]*)$/i',

Is this where I might try to hack together a regexp which would fail to 
match those magic strings?

Is there a different regexp (which I have not yet found) which defines 
an exclusion list of usernames?

Do things because you should, not just because you can.

John Thurston    907-465-8591
John.Thurston at alaska.gov
Department of Administration
State of Alaska

More information about the ZendTo mailing list