For usernames, I usually only allow alphanumerics, constrain the
length, and treat them case insensitively.  No spaces, no punctuation,
no 200-char strings.  It just makes things easier.  Passwords,
however, are an open game.  Anything you can cram in the form fields,
you can use.  And your database's support should be irrelevant,
because you shouldn't be storing plaintext passwords anyway.  You
should always hash them, and for all but the simplest apps, should
salt the hash.

cheers,
barneyb

On Tue, 8 Mar 2005 10:50:41 -0500, Burns, John D
<[EMAIL PROTECTED]> wrote:
> I've thought this logic through many times and my personal opinion is
> that it comes down to support.  If my DB and programming language can
> handle the weird characters, why make them "illegal"?  Back in the days
> when the systems couldn't handle certain characters, I could understand
> the restraints, but now, if you're using a good DB and language, it
> seems the only limitations you really need to put on usernames and
> passwords is length (based on the field in the DB and any security rules
> you'd like to enforce (must contain a letter, number and symbol, etc.)).
> Now, my thought is that's all that you need to do IN THEORY. If someone
> can type it in, let it be. However, I do realize that people may
> accidentally type in incorrect information when they register their
> username or password and then it becomes a support issue.  However, if
> you do duplicate fields where people have to retype information, that
> will tend to decrease the number of mistakes that happen. This is just
> my opinion and I figured I'd share and see if anyone else has comments.
> 
> John Burns
> Certified Advanced ColdFusion MX Developer
> Wyle Laboratories, Inc. | Web Developer
> 
> -----Original Message-----
> From: James Holmes [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, March 08, 2005 10:28 AM
> To: CF-Talk
> Subject: RE: cftransaction... it wasnt safe?
> 
> While the same OS allows spaces in passwords...
> 
> -----Original Message-----
> From: Jared Rypka-Hauer - CMG, LLC [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, 8 March 2005 9:21
> To: CF-Talk
> Subject: Re: cftransaction... it wasnt safe?
> 
> [snip]
> 
> There are rules for passwords, and "no spaces" is one of mine. I figure
> if Microsoft can tell me that "Backup 2/15/2005.zip" is an
> illegal file name, then I can tell someone that "my dog has$$fleas   "
> is an illegal password.
> 
> [snip]
> 
> 

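The two rules barneyb states above, as an added example written for this page rather than code from the thread or from ColdFusion: usernames limited to alphanumerics of bounded length and folded to lower case, and passwords taken exactly as typed (spaces, symbols and trailing whitespace included, any length) and stored only as a salted hash, never in plaintext. The 3-32 character username bound, the use of PBKDF2-HMAC-SHA256 as the salted hash, its 200,000 iterations, and the `algo$iters$salt$hash` storage string are assumptions of this example.

```python
import hashlib
import hmac
import re
import secrets

# Username policy: ASCII letters and digits only, 3-32 characters (bounds are
# an assumption).  An explicit class is used rather than \w, because in Python 3
# \w also matches underscore and non-ASCII letters.
USERNAME_RE = re.compile(r"[A-Za-z0-9]{3,32}")


def normalize_username(raw):
    """Return the canonical lower-cased username, or None if it violates policy."""
    if not USERNAME_RE.fullmatch(raw):
        return None
    return raw.lower()


# Password storage parameters (assumed for the example).
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password, salt=None):
    """Salted hash of the password exactly as typed; returns a storable string.

    The password is not normalized or trimmed: "abc " and "abc" are different
    passwords.  A fresh random salt is generated per password unless one is
    supplied (only useful for deterministic tests).
    """
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return "pbkdf2_sha256$%d$%s$%s" % (PBKDF2_ITERATIONS, salt.hex(), digest.hex())


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algo, iters, salt_hex, hash_hex = stored.split("$")
        salt = bytes.fromhex(salt_hex)
        iterations = int(iters)
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    return hmac.compare_digest(digest.hex(), hash_hex)


if __name__ == "__main__":
    # Constructed sample inputs.
    for name in ("BarneyB", "my dog", "a" * 200):
        print(repr(name), "->", normalize_username(name))
    pw = "my dog has$$fleas   "  # spaces and symbols are fine in a password
    record = hash_password(pw)
    print(record)
    print(verify_password(pw, record), verify_password(pw.rstrip(), record))
```

Because the stored record carries its own salt and iteration count, the verify step needs nothing but the record, and two users with the same password get different records.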
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:197838
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4