funsec mailing list archives
Re: seen on the ANA website
From: security curmudgeon <jericho () attrition org>
Date: Sat, 1 Sep 2007 16:42:31 +0000 (UTC)
: I guess this fits the MO for this ML,
:
: I was just on the ANA website, playing with their mileage program that
: can't cope with my name being spelled 4 different ways depending on the
: phase of the moon. Heaven help someone with a complicated name!
:
: In the forms section:
:
: For security reasons, please do not use the following marks----' '," ",<
: >and( ).

More and more I am seeing web sites, specifically banks and service
providers (online bill paying) require passwords that do not use any
special characters.

: Does this mean:
: A) We are incapable of secure coding and use SQL, meaning that anyone with
: a modicum of SQL knowledge will be able to vacuum our database.
:
: B) We are also incapable of filtering out potentially malicious HTML, so please
: don't do that.

i'll vote A & B

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
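Added example, not part of the original post and not the ANA site's code: a name containing every mark the form forbids, first spliced into SQL text (the pattern option A describes), then stored through a bound parameter and HTML-encoded on output (the handling option B says is missing). The `members` table, the function names and the sample name are assumptions made for the illustration.

```python
import html
import sqlite3

# The marks the form asks users to avoid (from the quoted notice).
BANNED_MARKS = ["'", '"', "<", ">", "(", ")"]

# Constructed sample name containing every banned mark.
SAMPLE_NAME = """O'Brien "Pete" <Evans> (Jr.)"""


def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT)")
    return db


def insert_concatenated(db, name):
    """The 'before': value spliced into the SQL text, so a quote in the
    data changes the statement. Returns True if the insert succeeded."""
    try:
        db.execute("INSERT INTO members (name) VALUES ('" + name + "')")
        return True
    except sqlite3.Error:
        return False


def insert_parameterized(db, name):
    """Value passed as a bound parameter; it is never parsed as SQL."""
    cur = db.execute("INSERT INTO members (name) VALUES (?)", (name,))
    return cur.lastrowid


def render_name(db, row_id):
    """Fetch the stored name and encode it for an HTML text context."""
    (name,) = db.execute(
        "SELECT name FROM members WHERE id = ?", (row_id,)
    ).fetchone()
    return name, "<td>" + html.escape(name, quote=True) + "</td>"


if __name__ == "__main__":
    db = open_db()
    print("concatenated insert ok:", insert_concatenated(db, SAMPLE_NAME))
    row_id = insert_parameterized(db, SAMPLE_NAME)
    stored, cell = render_name(db, row_id)
    print("stored:", stored)
    print("html:  ", cell)
```

With both controls in place the name round-trips unchanged and renders as inert text, so the form has no reason to restrict the characters.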