On Dec 31, 2010, at 12:41 AM, Joshua Kehn wrote:

On Dec 31, 2010, at 1:26 AM, Tamara Temple wrote:

On Dec 28, 2010, at 2:11 PM, Joshua Kehn wrote:


Dotan Cohen wrote:
I seem to have an issue with users who copy-paste their usernames and passwords coping and pasting leading and trailing space characters.

Users should not be copy-pasting passwords or usernames. Do not compromise a system to cater to bad [stupid, ignorant, you pick] users. If this is an issue then educate the users.

I'm sorry, but this is just bloody stupid. I keep my usernames and randomly generated, very long passwords in a password keeper. If you're not going to let me copy paste them into a web page, i'm just not going to ever use your application. Copy/pasting is something that happens on the *local* machine -- it never goes out to the net. By forcing people to type in their user names and passwords you are going to cause them to enter easily-remembered, and typically easily-crackable combinations. What is the possible logic for disallowing someone to paste in their usernames/ passwords???

My point has been completely missed by you. I'm not saying don't allow copy pasting usernames and passwords (though I think that this is a poor choice). I'm saying don't automatically trim the passwords.

Sorry, I was mislead by your use of the phrase "Users should not be copy-pasting passwords or usernames" above. I'd love to hear what you think is an alternative to identifying with web app that keeps track of information about someone that is more secure.

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to