[ale] a quick test of web site stupid

Pete Hardie pete.hardie at gmail.com
Thu Feb 28 15:10:05 EST 2013


Damn, Jim beat me to it...


Pete Hardie
--------
Better Living Through Bitmaps


On Thu, Feb 28, 2013 at 3:09 PM, Pete Hardie <pete.hardie at gmail.com> wrote:

> Paging Bobby Tables; Bobby Tables please login at your earliest
> convenience.....
>
> Pete Hardie
> --------
> Better Living Through Bitmaps
>
>
> On Thu, Feb 28, 2013 at 2:43 PM, David Tomaschik <david at systemoverlord.com> wrote:
>
>> Any website that places "limits" on your password is doing it wrong.
>>  Minimums are fine (and arguably good) but limiting total length, character
>> set, or worst of all, words that can be included is doing it wrong.  I once
>> saw a site that said something like:
>>
>> The following are not allowed in usernames or passwords: ", ', =, /, *,
>> -, SELECT, DELETE, UPDATE, INSERT, UNION...
>>
>> That's right: they're looking for specific keywords to prevent SQL
>> injection... (and I distinctly recall that *DROP* was not in their list!)
>>
>>
>> On Thu, Feb 28, 2013 at 11:22 AM, Jim Kinney <jim.kinney at gmail.com> wrote:
>>
>>> This is just my opinion but....
>>>
>>> When I need to use a secure login for a web site like, say, a utility
>>> company or a shopping site that stores my credit card, I like to test the
>>> security of their coding practices by trying to use a password that has a
>>> '.' and a '!' in it. When their password checker complains, I take that as a
>>> good sign their coders don't properly escape user input data and thus are
>>> probably crappy in other areas.
>>>
>>> I am astounded at the number of places that still have issues (Verizon!).
>>>
>>> --
>>> James P. Kinney III
>>>
>>> Every time you stop a school, you will have to build a jail. What you
>>> gain at one end you lose at the other. It's like feeding a dog on his own
>>> tail. It won't fatten the dog.
>>> - Speech 11/23/1900 Mark Twain
>>>
>>> http://electjimkinney.org
>>> http://heretothereideas.blogspot.com/
>>>
>>> _______________________________________________
>>> Ale mailing list
>>> Ale at ale.org
>>> http://mail.ale.org/mailman/listinfo/ale
>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>> http://mail.ale.org/mailman/listinfo
>>>
>>>
>>
>>
>> --
>> David Tomaschik
>> OpenPGP: 0x5DEA789B
>> http://systemoverlord.com
>> david at systemoverlord.com
>>
>>
>
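
The contrast raised in the quoted messages, as an added example that is not part of the original thread: a keyword deny-list modelled on the one David Tomaschik quotes rejects harmless passwords, while bound parameters and salted hashing accept any characters without the input ever becoming SQL text. The table layout, function names and sample credentials are constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed deny-list modelled on the one quoted in the thread.
DENYLIST = ['"', "'", "=", "/", "*", "-",
            "SELECT", "DELETE", "UPDATE", "INSERT", "UNION"]

def denylist_allows(value):
    """The quoted site's approach: refuse input containing any listed token."""
    upper = value.upper()
    return not any(token in upper for token in DENYLIST)

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw BLOB)")
    return db

def _hash(password, salt):
    # The password is hashed before storage, so its characters never matter.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

def register(db, name, password):
    salt = os.urandom(16)
    # Placeholders send values separately from the statement text.
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               (name, salt, _hash(password, salt)))

def login(db, name, password):
    row = db.execute("SELECT salt, pw FROM users WHERE name = ?",
                     (name,)).fetchone()
    return row is not None and hmac.compare_digest(row[1], _hash(password, row[0]))

def users_table_exists(db):
    query = "SELECT count(*) FROM sqlite_master WHERE type='table' AND name='users'"
    return db.execute(query).fetchone()[0] == 1

if __name__ == "__main__":
    db = open_db()
    password = "it's a long-ish pass.phrase!"   # constructed sample
    print("deny-list accepts it:", denylist_allows(password))
    register(db, "jim", password)
    print("parameterized login works:", login(db, "jim", password))
    print("table intact:", users_table_exists(db))
```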