You need to limit "all" fields, then check for "nonsense" sequences of repeating blanks, etc.
People fall asleep leaning on the keyboard.
And the last thing you want is a report with a "blank field" that runs for pages ... and you wonder "how did it ..."
"Before entering on an understanding, I have meditated for a long time, and have foreseen what might happen. It is not genius which reveals to me suddenly, secretly, what I have to say or to do in a circumstance unexpected by other people; it is reflection, it is meditation." - Napoleon I
What bugs me just as much: In an input field for phone number or bank account / credit card number, and they accept digits only. There is a convention for writing credit card numbers as 1234 2345 3456 4567 - not as 1234234534564567, which makes it a lot harder to detect a typo. Bank account numbers are written as 1234 56 7890, or sometimes as 1234.56.7890. Again: 1234567890 makes it much harder to verify. Phone numbers are 404 55 606, not 40455606 (and today, you see phone numbers up to 14 digits, even domestic ones, making it even harder to detect a typo).
If they really insist on handling a structured number as a single long integer, those 'readability spaces' can be removed by a single program code line, in several commonly used text processing tools/libraries. It takes a lot more effort to display an error message box declaring 'Spaces are not permitted in phone numbers' (or whatever).
While the number of sites rejecting 'readability spaces' seems to be declining, I have seen an increase in another 'facility' that I wouldn't say 'bugs' me, it rather amuses me: Entry fields for phone or account numbers with a spin button. As when I typed the wrong account or phone number, and really would like to spin from the mistyped number to the correct one. This started long before the AI wave, so don't blame AI!
When I've had to validate "contact" information, we (simply) used "national address" databases (world wide subscription) in real time to validate all contact information. We did what USPS, UPS and FedEx said to do in their specs. Incremental searching while you typed; you didn't even have to complete your own address information, since it "had" to be in the "database".
A call center app for all of New Zealand, 1,000,000+ addresses, with realtime incremental searching. (Different DB; custom API)
"Before entering on an understanding, I have meditated for a long time, and have foreseen what might happen. It is not genius which reveals to me suddenly, secretly, what I have to say or to do in a circumstance unexpected by other people; it is reflection, it is meditation." - Napoleon I
trønderen wrote: "What bugs me just as much: In an input field for phone number or bank account / credit card number, and they accept digits only"
I found a product that I really wanted. The order form would not accept 16 digits. Too long it said.
So I copied the page locally, hacked it, then submitted my order. Far as I can recall I got it.
🍺🍺🍺
The seller really didn't deserve to make the sale, though.
Limiting to 20 helps prevent injection attacks. Every input field on the web should have a max length.
The length should be checked first before any other validation.
Especially a field like password where they try to allow some special characters.
Give a hacker an unlimited length on fields that live in front of the “authenticated border” and they will find an encoding to bypass your checks. AI will probably help here with generating thousands of new attack patterns.
Phew, I am in:
Pa$$w0rd
>64
Some days the dragon wins. Suck it up.
I interpret the big red X in your screen capture to mean that those are the only allowed characters!
“No special characters except this list”
We use the “allow list” special characters for one of our systems. Keeps it simple security wise.
“Deny lists” never stand the test of time.
englebart said: "I interpret the big red X in your screen capture to mean that those are the only allowed characters!"
But if you read the text after the red X it says “any characters except the following” and I had tried one of the ones from the list and it rejected my password.
englebart: “Deny lists” never stand the test of time.
Agree
So they should put a green check with wording like
Any of these can be used: < > …
Awful language. Not your problem!
Doesn't the BIG RED 'X' in front of "Special characters except for # & * < > ( ) ' [ ]" mean that you can use THOSE special characters, but none other?
That's interesting, because someone else thought that also.
But, notice that the message next to it says, "Special characters except for # & * < > ( ) ' [ ]".
Also, I had tried to use one of the ones listed which is how I got the warning.
So, they obviously have a confusing message along with the other problems they have.
The closer you look, the worse it gets!
Harrison Pratt wrote: "The closer you look, the worse it gets!"
Your statement cracked me up!
Indeed it does.
It's why most people choose to not look at things very closely.
raddevus wrote: "when parsing the password string"
There's the problem.
If a site can't state the policy in a single non-run-on sentence I would avoid it. Extravagant parsing or using regular expressions to validate a user's password seems over-engineered.
Software Zen: delete this;
Gary Wheeler wrote: "Extravagant parsing or using regular expressions to validate a user's password seems over-engineered."
Agree 100%!
I don't understand why they don't just:
1. hash your plaintext password.
2. compare it to known bad password hashes
3. if it matches any of the known bad, then reject, otherwise store your hash and be done
Why are they looking at my password so closely, anyway?
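A defender's version of the rules from the posts above (check the length first, then an allow-list of characters, then compare a hash against a known-bad list), as an added example that is not code from any post in this thread; the limits, allowed set, known-bad words and salt are constructed for illustration, and storage_hash is an assumed extra showing a slow hash for the value that actually gets stored.

```python
import hashlib
import re

# Constructed limits for this example: length is checked before anything else,
# then an allow-list of characters, then a hash lookup against known-bad words.
MIN_LEN = 8
MAX_LEN = 64
ALLOWED_SPECIALS = "!$%^+=_.,:;?@/-"   # constructed allow-list of specials
ALLOWED = re.compile(r"[A-Za-z0-9 " + re.escape(ALLOWED_SPECIALS) + r"]+")


def known_bad_digests(words):
    """Hash the known-bad list once so the checker never holds plaintexts."""
    return {hashlib.sha256(w.encode("utf-8")).hexdigest() for w in words}


# Constructed stand-in for a breached-password list.
KNOWN_BAD = known_bad_digests(["Pa$$w0rd", "Password1234", "letmein123"])


def check_password(candidate):
    """Return (ok, reason). The length test runs before the regex and the
    hash, so oversized input is rejected before any other rule touches it."""
    if not isinstance(candidate, str):
        return False, "not a string"
    if len(candidate) > MAX_LEN:
        return False, "longer than %d characters" % MAX_LEN
    if len(candidate) < MIN_LEN:
        return False, "shorter than %d characters" % MIN_LEN
    if ALLOWED.fullmatch(candidate) is None:
        return False, "contains a character outside the allowed set"
    digest = hashlib.sha256(candidate.encode("utf-8")).hexdigest()
    if digest in KNOWN_BAD:
        return False, "matches a known-bad password"
    return True, "ok"


def allowed_message():
    """Green-check wording: state what is permitted, not what is forbidden."""
    return "Any of these can be used: letters, digits, spaces and " + " ".join(ALLOWED_SPECIALS)


def storage_hash(candidate, salt):
    """What gets stored should come from a slow, salted KDF (scrypt via
    hashlib), not from the fast digest used for the known-bad lookup."""
    return hashlib.scrypt(candidate.encode("utf-8"), salt=salt, n=2 ** 14, r=8, p=1)


if __name__ == "__main__":
    for pw in ["Pa$$w0rd", "A" * 65, "Correct-Horse-Battery-9", "bad<angle>brackets1"]:
        print(repr(pw[:20]), check_password(pw))
    print(allowed_message())
```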
The fact that this is still being used today is amazing.
I grew up close to Cleveland, Ohio, and, living in various other states
like Colorado, New Mexico, Oregon and now Arizona, machines of this size we seldom saw,
not that I was looking for them.
Please enjoy the story. Comment about BIG industry near you; curious what is in other parts of the world.
The Air Force's 50,000 Ton Press - PlaneHistoria
I'm not reading it. The GDPR banner for that site is one of those "you have to disable each vendor individually - here is a huge list, have fun" ones and life is too short to spend 10 minutes clicking on "No, I don't want you to get my info to do with as you will" checkboxes.
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
I am not sure I understand; the link did not try to steal any information when I used it.
I will try to delete the post.
Good luck with deleting ...
On that note, after getting the message "Anonymous posting is not allowed" I'm thinking that I was not who I was when I signed in to comment on this ... news
Meanwhile you can't delete the post (because members have replied), but you can edit it and remove the link.
On the other hand, I see no problem with that link...
I see no problems with the link or site. Plane Historia is a pretty plane Jane site (pun intended). Lots of new info for me.
"A little time, a little trouble, your better day"
Badfinger
Glad you enjoyed the link
It's not the link trying to steal info, it's the GDPR management screen that insists you untick everyone you don't want them to sell your info to - if you just pressed "accept" to get rid of it once, it will sell it to everyone on a long list because you have said they can. They have to show the GDPR dialog, but they don't have to have just an "accept" and a "reject" button.
That annoys me because they deliberately make it hard to prevent them doing it. So I just walk away and don't go back.
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
OG I did not have that experience
I did click the CLOSE when they asked about push notifications
and no other pop up questions after that
I am using Firefox with a lot of blocking enabled in the settings
Thanks for explaining