On 9/1/07, security curmudgeon <[EMAIL PROTECTED]> wrote:
>
> : I guess this fits the MO for this ML,
> :
> : I was just on the ANA website, playing with their mileage program that
> : can't cope with my name being spelled 4 different ways depending on the
> : phase of the moon. Heaven help someone with a complicated name!
> :
> : In the forms section:
> :
> : For security reasons, please do not use the following marks----' '," ",< >and( ).
>
> More and more I am seeing web sites, specifically banks and service
> providers (online bill paying) require passwords that do not use any
> special characters.
>
> : Does this mean:
> : A) We are incapable of secure coding and use SQL, meaning that anyone with
> : a modicum of SQL knowledge will be able to vacuum our database.
> :
> : B) We are also incapable of filtering out potentially malicious HTML, so please
> : don't do that.

How about C. Business Units that are so afraid that their customers will be put off by having to type [EMAIL PROTECTED]()_ that they demand passwords that do not expire, and are basically weak.. passwords, that is...
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
