At 12:04 PM + 12/31/10, Nathan Rixham wrote:
Tamara Temple wrote:
Sorry, I was misled by your use of the phrase "Users should not be
copy-pasting passwords or usernames" above. I'd love to hear what
you think is an alternative to identifying with web app that keeps
track of information ab
Tamara Temple wrote:
Sorry, I was misled by your use of the phrase "Users should not be
copy-pasting passwords or usernames" above. I'd love to hear what you
think is an alternative to identifying with web app that keeps track of
information about someone that is more secure.
client side ssl
Tamara Temple wrote:
On Dec 28, 2010, at 2:11 PM, Joshua Kehn wrote:
Specifically:
Dotan Cohen wrote:
I seem to have an issue with users who copy-paste their usernames and
passwords copying and pasting leading and trailing space characters.
Users should not be copy-pasting passwords or use
On Dec 31, 2010, at 12:37 AM, Mujtaba Arshad wrote:
Won't there also be a higher chance of getting your username/
password combination stolen if you are keylogged, if you are typing
in your passwords all day every day? Obviously, the people on this
list will say "I don't get keylogged, cause
On Dec 31, 2010, at 12:41 AM, Joshua Kehn wrote:
On Dec 31, 2010, at 1:31 AM, Tamara Temple wrote:
20? child's play. How about 250+ randomly generated passwords and
username combinations?
Why do you randomly generate 250+ usernames and passwords??
I generate unique pairs for the various
On Dec 31, 2010, at 12:41 AM, Joshua Kehn wrote:
On Dec 31, 2010, at 1:26 AM, Tamara Temple wrote:
On Dec 28, 2010, at 2:11 PM, Joshua Kehn wrote:
Specifically:
Dotan Cohen wrote:
I seem to have an issue with users who copy-paste their
usernames and
passwords copying and pasting leadin
On Dec 29, 2010, at 7:27 PM, Mujtaba Arshad wrote:
craphound.com/images/xkcdwrongoninternet.jpg
Least you could do is give Randall the love, instead of Cory :)
http://xkcd.com/386/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
On Dec 31, 2010, at 1:31 AM, Tamara Temple wrote:
>
> On Dec 28, 2010, at 10:28 PM, Joshua Kehn wrote:
>
>> On Dec 28, 2010, at 6:28 PM, Paul M Foster wrote:
>>
>>> On Tue, Dec 28, 2010 at 03:11:56PM -0500, Joshua Kehn wrote:
>>>
Specifically:
>> Dotan Cohen wrote:
>>> I see
On Dec 31, 2010, at 1:26 AM, Tamara Temple wrote:
>
> On Dec 28, 2010, at 2:11 PM, Joshua Kehn wrote:
>
>> Specifically:
>>
Dotan Cohen wrote:
> I seem to have an issue with users who copy-paste their usernames and
> passwords copying and pasting leading and trailing space characte
Won't there also be a higher chance of getting your username/password
combination stolen if you are keylogged, if you are typing in your passwords
all day every day? Obviously, the people on this list will say "I don't get
keylogged, cause I am that pro" but whatever, just don't force people to
ente
On Dec 28, 2010, at 10:28 PM, Joshua Kehn wrote:
On Dec 28, 2010, at 6:28 PM, Paul M Foster wrote:
On Tue, Dec 28, 2010 at 03:11:56PM -0500, Joshua Kehn wrote:
Specifically:
Dotan Cohen wrote:
I seem to have an issue with users who copy-paste their
usernames and
passwords copying and pas
On Dec 28, 2010, at 2:11 PM, Joshua Kehn wrote:
Specifically:
Dotan Cohen wrote:
I seem to have an issue with users who copy-paste their usernames
and
passwords copying and pasting leading and trailing space characters.
Users should not be copy-pasting passwords or usernames. Do not
com
Won't mind doing once I get home. You should study the council. The base of a
company does not mean they don't have branches. If you read past the first
page, you would understand... joint council... does microsoft have an office
there ;). What's your site again... interested. On a cell right now, b
On Thu, 2010-12-30 at 11:27 -0500, Omega -1911 wrote:
> Which topic ashley do u wish to discuss. With the eccouncil.org being in
> your neck of the woods, learning/reading what hackers are using/doing
> shouldn't be hard...
> On Dec 30, 2010 11:23 AM, "Ashley Sheridan"
> wrote:
> > On Thu, 2010-12
On Thu, Dec 30, 2010 at 11:27, Omega -1911 <1911...@gmail.com> wrote:
> Which topic ashley do u wish to discuss. With the eccouncil.org being in
> your neck of the woods, learning/reading what hackers are using/doing
> shouldn't be hard...
Really, this entire thing has gone on for far too long.
Which topic ashley do u wish to discuss. With the eccouncil.org being in
your neck of the woods, learning/reading what hackers are using/doing
shouldn't be hard...
On Dec 30, 2010 11:23 AM, "Ashley Sheridan"
wrote:
> On Thu, 2010-12-30 at 11:19 -0500, Omega -1911 wrote:
>
>> I'm pretty sure there i
On Thu, 2010-12-30 at 11:19 -0500, Omega -1911 wrote:
> I'm pretty sure there is a lot that happened that has not been mentioned yet
> ;)
>
> But I digress... it all came down to no one being able to contradict my
> post. If u consider an attempt to get personal a defense, I would hope that
> i
I'm pretty sure there is a lot that happened that has not been mentioned yet
;)
But I digress... it all came down to no one being able to contradict my
post. If u consider an attempt to get personal a defense, I would hope that
in a real world scenario, u have a better tactic.
On Wed, Dec 29, 2010 at 06:52:28PM -0500, TR Shaw wrote:
[snip]
>
> So now lets look at the case where there is malware on your machine
> which will try to brute force your computationally hard password and
> is smart enough to use your graphics engine to increase computational
> power. Folks
On Thu, 2010-12-30 at 11:04 -0500, Paul M Foster wrote:
> On Wed, Dec 29, 2010 at 08:27:49PM -0500, Mujtaba Arshad wrote:
>
> > craphound.com/images/xkcdwrongoninternet.jpg
>
> And this is why I love XKCD. LOL.
>
> Paul
>
> --
> Paul M. Foster
> http://noferblatz.com
>
>
It's got a comic
On Wed, Dec 29, 2010 at 08:27:49PM -0500, Mujtaba Arshad wrote:
> craphound.com/images/xkcdwrongoninternet.jpg
And this is why I love XKCD. LOL.
Paul
--
Paul M. Foster
http://noferblatz.com
On Wed, Dec 29, 2010 at 05:32:38PM -0500, Daniel P. Brown wrote:
> On Wed, Dec 29, 2010 at 15:16, Omega -1911 <1911...@gmail.com> wrote:
> > Sound silly? Why Daniel? It's all documented and public knowledge. What I
> > thought was silly was an entire thread about which ASCII combination was
> > bes
On Thu, Dec 30, 2010 at 03:05, Nicholas Kell wrote:
> Even funnier yet - bottom post like you were asked. And to really bust your
> gut, this thread has gone on far too long off topic.
>
> I believe that the person you are referring to as Dani, is in fact Daniel. I
> don't, nor would I ever star
craphound.com/images/xkcdwrongoninternet.jpg
Perfect way to describe how the members on this list are behaving right now.
On Wed, Dec 29, 2010 at 8:17 PM, Omega -1911 <1911...@gmail.com> wrote:
> < I see you Waving your pom poms...>
> I guess it was ok for Dani to say " I'm just
> not sure if it
< I see you Waving your pom poms...>
I guess it was ok for Dani to say " I'm just
not sure if it's pronounced with a "J" or an "H" sound. I mean,
Arthur's name is easy enough, but I honestly am confused by Javen's
(except when he spells it out like James Vencent)."
First, that is assuming a lot..
On Wed, Dec 29, 2010 at 20:04, Alexis wrote:
>
> What has any of this got to do with PHP!!!
>
> If the moderator is reading this can they please put a stop to it at
> once, as it appears to have got way out of control.
>
> Thanks and a Happy New year to one and all
What moderator? It's an op
On Dec 29, 2010, at 6:37 PM, Omega -1911 wrote:
> I know something funnier... Let's wait for Dani's response.
>
> On Wed, Dec 29, 2010 at 7:28 PM, Bastien wrote:
>>
>>
>> On 2010-12-29, at 5:32 PM, "Daniel P. Brown"
>> wrote:
>>
>>> On Wed, Dec 29, 2010 at 15:16, Omega -1911 <1911...@gmail
What has any of this got to do with PHP!!!
If the moderator is reading this can they please put a stop to it at
once, as it appears to have got way out of control.
Thanks and a Happy New year to one and all
On 29/12/10 16:38, Omega -1911 wrote:
Etiquette went out the window a while ago. As
On Dec 29, 2010, at 6:52 PM, TR Shaw wrote:
>
> On Dec 29, 2010, at 12:56 PM, Joshua Kehn wrote:
>
>> On Dec 29, 2010, at 12:37 PM, tedd wrote:
>>
>>> At 11:06 AM +0200 12/29/10, Dotan Cohen wrote:
Also, change them {passwords} frequently.
>>>
>>> I've always wondered about that -- if you
I know something funnier... Let's wait for Dani's response.
On Wed, Dec 29, 2010 at 7:28 PM, Bastien wrote:
>
>
> On 2010-12-29, at 5:32 PM, "Daniel P. Brown"
> wrote:
>
>> On Wed, Dec 29, 2010 at 15:16, Omega -1911 <1911...@gmail.com> wrote:
>>> Sound silly? Why Daniel? It's all documented and
On 2010-12-29, at 5:32 PM, "Daniel P. Brown" wrote:
> On Wed, Dec 29, 2010 at 15:16, Omega -1911 <1911...@gmail.com> wrote:
>> Sound silly? Why Daniel? It's all documented and public knowledge. What I
>> thought was silly was an entire thread about which ASCII combination was
>> best.. convert t
On Dec 29, 2010, at 12:56 PM, Joshua Kehn wrote:
> On Dec 29, 2010, at 12:37 PM, tedd wrote:
>
>> At 11:06 AM +0200 12/29/10, Dotan Cohen wrote:
>>> Also, change them {passwords} frequently.
>>
>> I've always wondered about that -- if your password works, then why change
>> it? Where's the log
On Wed, Dec 29, 2010 at 18:38, Omega -1911 <1911...@gmail.com> wrote:
> Etiquette went out the window a while ago. As Rambo said, "He drew
> first blood..." If you could not PROVE ME WRONG, you could have kept
> your mouth shut. You jumped in head first. And you have YET to prove
> me wrong. Then t
Etiquette went out the window a while ago. As Rambo said, "He drew
first blood..." If you could not PROVE ME WRONG, you could have kept
your mouth shut. You jumped in head first. And you have YET to prove
me wrong. Then to throw off the subject, you resort to telling the
world who you believe I am.
Quote:
I was pleased earlier, however, to learn about your interest in
helping others by creating a venue for them to sell their own homemade
pornographic DVDs at such a low price, but then disappointed to learn
that your grasp of Perl and site management wasn't yet up to par.
Lol what.
On We
On Wed, Dec 29, 2010 at 18:20, Omega -1911 <1911...@gmail.com> wrote:
> AHHH... Searching by an email is REALLY what you call hacking? Oh
> wait, you said that with all your knowledge in forensics you can find
> people all over the world. Thank God for Go0GlE.
Please don't top-post.
Ne
AHHH... Searching by an email is REALLY what you call hacking? Oh
wait, you said that with all your knowledge in forensics you can find
people all over the world. Thank God for Go0GlE.
(remoteclerk.com) c-174-59-179-206.hsd1.pa.comcast.net - -
[29/Dec/2010:10:19:50 -0800] "GET /quick_calendar.
On Wed, Dec 29, 2010 at 15:16, Omega -1911 <1911...@gmail.com> wrote:
> Sound silly? Why Daniel? It's all documented and public knowledge. What I
> thought was silly was an entire thread about which ASCII combination was
> best.. convert to a higher range above the 255 character range...
>
> There i
Sound silly? Why Daniel? It's all documented and public knowledge. What I
thought was silly was an entire thread about which ASCII combination was
best.. convert to a higher range above the 255 character range...
There is NOTHING I have mentioned that you or anyone can call a lie. Google
or eccounc
On Wed, Dec 29, 2010 at 11:57, Omega -1911 <1911...@gmail.com> wrote:
> Those were some pretty confident statements there. "You doubt the government
> would want to hack your computer..." Well, the U.S. tries to prevent over 1
> million attacks per day as documented and has admitted to having been
On Dec 29, 2010, at 12:37 PM, tedd wrote:
> At 11:06 AM +0200 12/29/10, Dotan Cohen wrote:
>> Also, change them {passwords} frequently.
>
> I've always wondered about that -- if your password works, then why change
> it? Where's the logic in that?
>
> From my perspective, it looks like "Hey, th
At 11:57 AM -0500 12/29/10, Omega -1911 wrote:
Why not store passwords inside of programs like "snow"?
Maybe yellow snow, but never in something permanent.
My advice -- memorize your passwords -- don't commit them to storage.
I have a list of passwords committed to memory that fall into thre
At 11:06 AM +0200 12/29/10, Dotan Cohen wrote:
Also, change them {passwords} frequently.
I've always wondered about that -- if your password works, then why
change it? Where's the logic in that?
From my perspective, it looks like "Hey, the crackers have not been
able to crack this, so let's
At 4:06 PM -0500 12/28/10, Daniel Brown wrote:
On Tue, Dec 28, 2010 at 16:05, Dotan Cohen wrote:
Did you know that when you type 'brown1' we see it as **? Your
system does that automatically.
That's how I see it, too. It took me fourteen years to realize
that my password wasn't ju
Those were some pretty confident statements there. "You doubt the government
would want to hack your computer..." Well, the U.S. tries to prevent over 1
million attacks per day as documented and has admitted to having been
breached more often than not... !!! But as someone who let's just say has
pr
On Dec 29, 2010, at 10:40 AM, Paul M Foster wrote:
> On Wed, Dec 29, 2010 at 11:06:15AM +0200, Dotan Cohen wrote:
>
>> On Wed, Dec 29, 2010 at 06:51, Paul M Foster wrote:
>
>
>
>>
>>> Under the circumstances I described, I have yet to hear in what way
>>> copying and pasting passwords compr
On Wed, Dec 29, 2010 at 11:06:15AM +0200, Dotan Cohen wrote:
> On Wed, Dec 29, 2010 at 06:51, Paul M Foster wrote:
>
> > Under the circumstances I described, I have yet to hear in what way
> > copying and pasting passwords compromises security of anything by
> > itself. Please enlighten me.
>
On Wed, Dec 29, 2010 at 04:20:58AM -0500, Omega -1911 wrote:
> > Well, let's see. My system sits behind a firewall. No external services
> > are advertised to the internet. All internal addresses are non-routable.
> > I do not use or have any wifi. The system sits in my home office. I use
> > a De
Hi Doran - that may partially work, but what happens on the site's level? If
the site is hacked, millions of passwords are stolen. All of the hard work
put forth to protect your pc becomes useless. I think it has to be a two way
street ... On a shared host, security and the ability to capture passw
On Wed, Dec 29, 2010 at 11:20, Omega -1911 <1911...@gmail.com> wrote:
> Hi Paul - I am interested in knowing how you prevent intrusion with
> your firewall when it is a known fact that post 9/11 companies that
> develop such leave ports open for "Big Brother" as required. Remember
> "Green Lantern"
> Well, let's see. My system sits behind a firewall. No external services
> are advertised to the internet. All internal addresses are non-routable.
> I do not use or have any wifi. The system sits in my home office. I use
> a Debian Linux system and practice very safe computing. I often
> investig
On Wed, Dec 29, 2010 at 07:00, David Hutto wrote:
> Correct me if I'm wrong, but If you initially type the username and
> password into a file, and you have, in my paranoid scenario, a
> keylogger you don't know about, it gets logged, but also, I assume it
> would get logged if you typed it in as
On Wed, Dec 29, 2010 at 06:51, Paul M Foster wrote:
>> I agree that users should not use weak passwords, but not everyone goes
>> everywhere with a vault. I am more than capable of memorizing 20 or so 16-32
>> character full set passwords.
>>
>
> And so you assume everyone can do that? I can rem
On Wed, Dec 29, 2010 at 02:46, David Harkness wrote:
> To address the OP, I would agree with skipping trim on both the user name
> and password. If it's a copy-paste error, they will try again.
>
They do try again: copying and pasting in the exact same manner. It
keeps happening.
> If you want
It would seem that within the streaming of information that moves
across networks, that such things as virus detection within these
networks (meaning governmental oversight of info...post 9/11), which, if
I'm not mistaken is regexing for matching strings of definitions, are
checked for as they strea
On Wed, Dec 29, 2010 at 12:00:01AM -0500, David Hutto wrote:
> On Tue, Dec 28, 2010 at 11:51 PM, Paul M Foster
> wrote:
> > On Tue, Dec 28, 2010 at 11:28:12PM -0500, Joshua Kehn wrote:
> >
> >> On Dec 28, 2010, at 6:28 PM, Paul M Foster wrote:
> >>
> >> > On Tue, Dec 28, 2010 at 03:11:56PM -0500,
On Tue, Dec 28, 2010 at 11:51 PM, Paul M Foster wrote:
> On Tue, Dec 28, 2010 at 11:28:12PM -0500, Joshua Kehn wrote:
>
>> On Dec 28, 2010, at 6:28 PM, Paul M Foster wrote:
>>
>> > On Tue, Dec 28, 2010 at 03:11:56PM -0500, Joshua Kehn wrote:
>> >
>> >> Specifically:
>> >>
>> Dotan Cohen wrote
On Dec 28, 2010, at 11:51 PM, Paul M Foster wrote:
> On Tue, Dec 28, 2010 at 11:28:12PM -0500, Joshua Kehn wrote:
>
>> On Dec 28, 2010, at 6:28 PM, Paul M Foster wrote:
>>
>>> On Tue, Dec 28, 2010 at 03:11:56PM -0500, Joshua Kehn wrote:
>>>
Specifically:
>> Dotan Cohen wrote:
>>>
On Tue, Dec 28, 2010 at 11:28:12PM -0500, Joshua Kehn wrote:
> On Dec 28, 2010, at 6:28 PM, Paul M Foster wrote:
>
> > On Tue, Dec 28, 2010 at 03:11:56PM -0500, Joshua Kehn wrote:
> >
> >> Specifically:
> >>
> Dotan Cohen wrote:
> > I seem to have an issue with users who copy-paste the
On Dec 28, 2010, at 6:28 PM, Paul M Foster wrote:
> On Tue, Dec 28, 2010 at 03:11:56PM -0500, Joshua Kehn wrote:
>
>> Specifically:
>>
Dotan Cohen wrote:
> I seem to have an issue with users who copy-paste their usernames and
> passwords copying and pasting leading and trailing space
On Tue, Dec 28, 2010 at 3:28 PM, Paul M Foster wrote:
> Users would be wise to follow a scheme like
> this, rather than using their dog's name or somesuch as their passwords.
Aww man, I've been using "somesuch" as the password for all my accounts and
now you've ruined it! Luckily I use your dog'
On Tue, Dec 28, 2010 at 03:11:56PM -0500, Joshua Kehn wrote:
> Specifically:
>
> >> Dotan Cohen wrote:
> >>> I seem to have an issue with users who copy-paste their usernames and
> >>> passwords copying and pasting leading and trailing space characters.
>
> Users should not be copy-pasting passwo
On Tue, Dec 28, 2010 at 16:10, Peter Lind wrote:
>
> Bla bla bla not Friday yet bla bla bla cut down on the noise on the list bla
> bla
I tend to think that you fail to see the actual meaning behind the
messages, Peter, and instead just like to remind me of my own words.
Don't worry: I remem
On 28 December 2010 22:06, Daniel Brown wrote:
> On Tue, Dec 28, 2010 at 16:05, Dotan Cohen wrote:
>>
>> Did you know that when you type 'brown1' we see it as **? Your
>> system does that automatically.
>
> That's how I see it, too. It took me fourteen years to realize
> that my password
On Tue, Dec 28, 2010 at 16:05, Dotan Cohen wrote:
>
> Did you know that when you type 'brown1' we see it as **? Your
> system does that automatically.
That's how I see it, too. It took me fourteen years to realize
that my password wasn't just six asterisks (though, in my hand-made,
high-
On Tue, Dec 28, 2010 at 23:02, Daniel Brown wrote:
> This thread has really just gone on far too long without the only
> correct answer: always use the same username/password for everything,
> and always make them as simple as possible so that you can remember
> them. For example, I always use
On Tue, Dec 28, 2010 at 15:43, Nathan Rixham wrote:
>
> that's what pkcs12 was invented for, just issue another certificate / key
> pair.
This thread has really just gone on far too long without the only
correct answer: always use the same username/password for everything,
and always make the
On Tue, Dec 28, 2010 at 22:43, Nathan Rixham wrote:
> that's what pkcs12 was invented for, just issue another certificate / key
> pair.
>
I could probably automate and script it, I would just give the users a
name/password combo to their own control panel...
--
Dotan Cohen
http://gibberish.co.
On Tue, Dec 28, 2010 at 22:52, Joshua Kehn wrote:
> We're PHP programmers, we do the impossible all the time. Without automatic
> migrations, managed models, succinct
> ORM's. Other developers look at us in shock as we memorize the $haystack and
> $needle argument orders for explode
> and str* f
On Dec 28, 2010, at 3:24 PM, Dotan Cohen wrote:
> On Tue, Dec 28, 2010 at 22:11, Joshua Kehn wrote:
>> Users should not be copy-pasting passwords or usernames. Do not compromise a
>> system to cater to bad [stupid, ignorant, you pick] users. If this is an
>> issue then educate the users.
>>
>
>
Dotan Cohen wrote:
On Tue, Dec 28, 2010 at 22:30, Joshua Kehn wrote:
indeed, and on reflection, if you're putting this much effort in to it, and
security is a worry, then forget username and passwords, and issue each user
with a client side RSA v3 certificate and identify them via the public ke
On Dec 28, 2010, at 3:32 PM, Dotan Cohen wrote:
> On Tue, Dec 28, 2010 at 22:30, Joshua Kehn wrote:
>>> indeed, and on reflection, if you're putting this much effort in to it, and
>>> security is a worry, then forget username and passwords, and issue each user
>>> with a client side RSA v3 certif
On Tue, Dec 28, 2010 at 22:30, Joshua Kehn wrote:
>> indeed, and on reflection, if you're putting this much effort in to it, and
>> security is a worry, then forget username and passwords, and issue each user
>> with a client side RSA v3 certificate and identify them via the public key
>> of the c
On Dec 28, 2010, at 3:26 PM, Nicholas Kell wrote:
>
> If you work for a company that admins over a hundred websites, you may be
> inclined to copy-paste a few passwords.
>
> I don't know about you, but when we use passwords that are over 16 characters
> long and I don't want to get an incorrec
On Dec 28, 2010, at 3:29 PM, Nathan Rixham wrote:
> Joshua Kehn wrote:
>> On Dec 28, 2010, at 3:18 PM, Dotan Cohen wrote:
>>> I'm toying with the idea of having the passwords hashed twice: they're
>>> already in the database hashed, and javascript hashes them on the
>>> client before sending them
On Tue, Dec 28, 2010 at 22:26, Joshua Kehn wrote:
> Educate the users, don't compromise the system. Either go full on and trim
> everything (I don't recommend this) or trim
> nothing. Be consistent in which one you pick.
>
Then how about:
if ($trimmedPassword==$realPassword && $enteredPassword!=
Joshua Kehn wrote:
On Dec 28, 2010, at 3:18 PM, Dotan Cohen wrote:
I'm toying with the idea of having the passwords hashed twice: they're
already in the database hashed, and javascript hashes them on the
client before sending them over, but I'm thinking about sending an
additional salt to the c
On Dec 28, 2010, at 3:23 PM, Dotan Cohen wrote:
> On Tue, Dec 28, 2010 at 22:02, Joshua Kehn wrote:
>> Trim usernames but not passwords.
>> Some people put spaces at the beginning and end of their passwords. Double
>> confirm and don't mess with the input otherwise they tend to get confused.
>>
On Dec 28, 2010, at 2:11 PM, Joshua Kehn wrote:
> Specifically:
>
>>> Dotan Cohen wrote:
I seem to have an issue with users who copy-paste their usernames and
passwords copying and pasting leading and trailing space characters.
>
> Users should not be copy-pasting passwords or username
On Tue, Dec 28, 2010 at 22:23, Peter Lind wrote:
> Sounds like https would be MUCH simpler and likely as safe or safer. I
> wouldn't waste my time on trying to come up with very clever schemes
> when tried and true technologies are out there.
>
You are right, I know.
>> But before all that goes
On Dec 28, 2010, at 3:18 PM, Dotan Cohen wrote:
> I'm toying with the idea of having the passwords hashed twice: they're
> already in the database hashed, and javascript hashes them on the
> client before sending them over, but I'm thinking about sending an
> additional salt to the client to hash
On Tue, Dec 28, 2010 at 22:11, Joshua Kehn wrote:
> Users should not be copy-pasting passwords or usernames. Do not compromise a
> system to cater to bad [stupid, ignorant, you pick] users. If this is an
> issue then educate the users.
>
Educate the users?!? Is that like making water flow uphill,
Dotan Cohen wrote:
On Tue, Dec 28, 2010 at 21:57, Nathan Rixham wrote:
Don't trim or limit the range of input characters, but far more importantly
/don't send passwords in clear text/, indeed don't generate passwords at
all, let users enter their desired password, then they won't be copy and
pa
On 28 December 2010 21:18, Dotan Cohen wrote:
> On Tue, Dec 28, 2010 at 21:57, Nathan Rixham wrote:
>> Don't trim or limit the range of input characters, but far more importantly
>> /don't send passwords in clear text/, indeed don't generate passwords at
>> all, let users enter their desired pass
Trim usernames but not passwords.
Some people put spaces at the beginning and end of their passwords. Double
confirm and don't mess with the input otherwise they tend to get confused.
Regards,
-Josh
Joshua Kehn | josh.k...@gmail.com
http://joshuakehn.com
O
On Tue, Dec 28, 2010 at 22:02, Joshua Kehn wrote:
> Trim usernames but not passwords.
> Some people put spaces at the beginning and end of their passwords. Double
> confirm and don't mess with the input otherwise they tend to get confused.
>
How about:
if ($trimmedUsername != $username){
tri
On Tue, Dec 28, 2010 at 21:57, Nathan Rixham wrote:
> Don't trim or limit the range of input characters, but far more importantly
> /don't send passwords in clear text/, indeed don't generate passwords at
> all, let users enter their desired password, then they won't be copy and
> pasting them ;)
Specifically:
>> Dotan Cohen wrote:
>>> I seem to have an issue with users who copy-paste their usernames and
>>> passwords copying and pasting leading and trailing space characters.
Users should not be copy-pasting passwords or usernames. Do not compromise a
system to cater to bad [stupid, ignor
Joshua Kehn wrote:
Trim usernames but not passwords.
agree. nice catch, I was thinking about passwords specifically and
forgot usernames was in the topic too!
On Dec 28, 2010, at 2:57 PM, Nathan Rixham wrote:
Dotan Cohen wrote:
I seem to have an issue with users who copy-paste their user
Dotan Cohen wrote:
I seem to have an issue with users who copy-paste their usernames and
passwords copying and pasting leading and trailing space characters.
Don't trim or limit the range of input characters, but far more
importantly /don't send passwords in clear text/, indeed don't generate
On Dec 28, 2010, at 8:52 AM, Dotan Cohen wrote:
> On Tue, Dec 28, 2010 at 15:27, Al wrote:
>> Can't you simply specify the allowed characters that can be used for PWs and
>> usernames?
>>
>
> No, I hate when websites do that. It leads to less secure passwords,
> not more secure, and it is pass
On Tue, Dec 28, 2010 at 15:27, Al wrote:
> Can't you simply specify the allowed characters that can be used for PWs and
> usernames?
>
No, I hate when websites do that. It leads to less secure passwords,
not more secure, and it is passing the burden of fixing the issue onto
the user.
> I always
On 12/28/2010 7:49 AM, Dotan Cohen wrote:
I seem to have an issue with users who copy-paste their usernames and
passwords copying and pasting leading and trailing space characters.
The obvious fix was to trim() the values that I receive, but I worry
how that would affect users who use a space at