funsec mailing list archives

Re: seen on the ANA website


From: security curmudgeon <jericho () attrition org>
Date: Sat, 1 Sep 2007 16:42:31 +0000 (UTC)


: I guess this fits the MO for this ML,
: 
: I was just on the ANA website, playing with their mileage program that 
: can't cope with my name being spelled 4 different ways depending on the 
: phase of the moon. Heaven help someone with a complicated name!
: 
: In the forms section:
: 
: For security reasons, please do not use the following marks----' '," ",< >and( ).

More and more I am seeing web sites, specifically banks and service 
providers (online bill paying) require passwords that do not use any 
special characters.

: Does this mean:
:       A) We are incapable of secure coding and use SQL, meaning that anyone with
:       a modicum of SQL knowledge will be able to vacuum our database.
: 
:       B) We are also incapable of filtering out potentially malicious HTML, so please
:       don't do that.

I'll vote A & B

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
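An added illustration, not from the thread or from ANA, of why forbidding ' " < > ( ) in a name is unnecessary: with a bound parameter a name containing every rejected character is stored and found intact, while the string-pasting pattern such a ban hints at breaks on an ordinary apostrophe, and output escaping handles the HTML side. It assumes nothing beyond Python's standard sqlite3 and html modules and a constructed in-memory table.

```python
import html
import sqlite3

# Constructed sample input: one name for each character the quoted form rejects.
SAMPLE_NAMES = ["O'Brien", 'Jane "JJ" Doe', "<Bob>", "Ann (Annie) Lee"]


def build_db():
    # Constructed in-memory schema standing in for a membership table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    return conn


def add_member(conn, name):
    # Bound parameter: the driver passes `name` as data, never as SQL text,
    # so quotes and parentheses in a name cannot alter the statement.
    conn.execute("INSERT INTO members (name) VALUES (?)", (name,))
    conn.commit()


def find_member(conn, name):
    # Same rule on the read path: bind the search value instead of concatenating it.
    row = conn.execute("SELECT name FROM members WHERE name = ?", (name,)).fetchone()
    return row[0] if row else None


def add_member_unsafe(conn, name):
    # The pattern a character ban usually covers for: the name is pasted into
    # the SQL text, so a legitimate apostrophe ends the literal early.
    conn.execute("INSERT INTO members (name) VALUES ('" + name + "')")


def unsafe_rejects(name):
    # True when the concatenating insert cannot even store a legitimate name.
    try:
        add_member_unsafe(build_db(), name)
    except sqlite3.OperationalError:
        return True
    return False


def render_name(name):
    # Output encoding for the HTML context: '<' becomes '&lt;', quotes become
    # entities, so a stored name is shown literally and cannot inject markup.
    return html.escape(name, quote=True)


def round_trip():
    # Every sample name is stored and retrieved unchanged via bound parameters.
    conn = build_db()
    for n in SAMPLE_NAMES:
        add_member(conn, n)
    return [find_member(conn, n) for n in SAMPLE_NAMES]
```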