On Tue, Dec 28, 2010 at 17:13, Paul M Foster <pa...@quillandmouse.com> wrote:
> If users want to embed spaces in their passwords, well and good. But at
> the beginning or end? No. Trim them. As mentioned elsewhere, I suspect
> this is mostly because of copying and pasting.

A leading space in a password is a terrific defence against
accidentally entering the password at the CLI and having it saved to
history. I've done that, not noticing that I was getting an SSH error
instead of a password prompt, and had the password in the history of a
machine that I couldn't erase the history of.

Another defensive password method is to end the password with
"&lang=en" to foil poorly-written web apps who GET the submission
form. I don't want my password stored in a webserver logfile somewhere
as a querystring, so disguising part of the password as a GET variable

A password that takes advantage of both these features might be "
John123Lennon&lang=en" which is easy to type, easy to remember, very
long and contains a wide variety of characters. Trimming spaces would
_not_ be what a user of this password would want. And yes, I'm the OCD
geek with such passwords.

Dotan Cohen


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to