[ale] a quick test of web site stupid

Pete Hardie pete.hardie at gmail.com
Thu Feb 28 15:09:17 EST 2013


Paging Bobby Tables; Bobby Tables please log in at your earliest
convenience.....

Pete Hardie
--------
Better Living Through Bitmaps


On Thu, Feb 28, 2013 at 2:43 PM, David Tomaschik
<david at systemoverlord.com> wrote:

> Any website that places "limits" on your password is doing it wrong.
>  Minimums are fine (and arguably good) but limiting total length, character
> set, or worst of all, words that can be included is doing it wrong.  I once
> saw a site that said something like:
>
> The following are not allowed in usernames or passwords: ", ', =, /, *, -,
> SELECT, DELETE, UPDATE, INSERT, UNION...
>
> That's right: they're looking for specific keywords to prevent SQL
> injection... (and I distinctly recall that *DROP* was not in their list!)
>
>
> On Thu, Feb 28, 2013 at 11:22 AM, Jim Kinney <jim.kinney at gmail.com> wrote:
>
>> This is just my opinion but....
>>
>> When I need to use a secure login for a web site like, say, a utility
>> company or a shopping site that stores my credit card, I like to test the
>> security of their coding practices by trying to use a password that has a
>> '.' and a '!' in it. When their password checker complains, I take that as a
>> good sign their coders don't properly escape user input data and thus are
>> probably crappy in other areas.
>>
>> I am astounded at the number of places that still have issues (Verizon!).
>>
>> --
>> --
>> James P. Kinney III
>> *
>> *Every time you stop a school, you will have to build a jail. What you
>> gain at one end you lose at the other. It's like feeding a dog on his own
>> tail. It won't fatten the dog.
>> - Speech 11/23/1900 Mark Twain
>> *
>> http://electjimkinney.org
>> http://heretothereideas.blogspot.com/
>> *
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
>>
>
>
> --
> David Tomaschik
> OpenPGP: 0x5DEA789B
> http://systemoverlord.com
> david at systemoverlord.com
>
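
An added example, not part of the thread or any poster's code: it runs the keyword blacklist quoted above next to a parameterized-query login store that accepts any characters in a password. The table layout, function names, PBKDF2 settings and sample passwords are assumptions constructed for the illustration.

```python
import hashlib, hmac, os, sqlite3

# Blacklist as quoted in the thread; the trailing "..." in that list is left unfilled.
BANNED = ['"', "'", "=", "/", "*", "-", "SELECT", "DELETE", "UPDATE", "INSERT", "UNION"]

def blacklist_allows(value):
    """Keyword-filter approach: reject input containing any banned token."""
    upper = value.upper()
    return not any(tok in upper for tok in BANNED)

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pwhash BLOB)")
    return db

def _hash(password, salt):
    # Only the derived hash is stored, so the password's characters never matter to SQL.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)

def register(db, name, password):
    if len(password) < 8:  # a minimum length is the only limit applied
        raise ValueError("password too short")
    salt = os.urandom(16)
    # Placeholders keep the values out of the SQL text, so no escaping or filtering is needed.
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (name, salt, _hash(password, salt)))

def verify(db, name, password):
    row = db.execute("SELECT salt, pwhash FROM users WHERE name = ?", (name,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[1], _hash(password, row[0]))

def demo():
    """Return {password: (blacklist verdict, login works)} and the final row count."""
    db = open_db()
    # Constructed sample passwords: punctuation, banned tokens, and the keyword the list missed.
    samples = ["correct.horse!battery", "it's-my=UNION/pass*", "DROP the bass 2013"]
    results = {}
    for i, pw in enumerate(samples):
        register(db, f"user{i}", pw)
        results[pw] = (blacklist_allows(pw), verify(db, f"user{i}", pw))
    count = db.execute("SELECT COUNT(*) FROM users").fetchone()[0]
    return results, count

if __name__ == "__main__":
    print(demo())
```

The blacklist refuses a password the database handles without trouble and passes one containing DROP, while the parameterized store treats all three as plain data.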