trønderen wrote: What bugs me just as much: In an input field for phone number or bank account / credit card number, and they accept digits only
I found a product that I really wanted. The order form would not accept 16 digits. Too long it said.
So I copied the page locally, hacked it, then submitted my order. Far as I can recall I got it.
🍺🍺🍺
The seller really didn't deserve to make the sale, though.
Limiting to 20 helps prevent injection attacks. Every input field on the web should have a max length.
The length should be checked first before any other validation.
Especially a field like password where they try to allow some special characters.
Give a hacker an unlimited length on fields that live in front of the “authenticated border” and they will find an encoding to bypass your checks. AI will probably help here with generating thousands of new attack patterns.
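The two field rules argued for in this thread (a hard maximum length checked before anything else, and an allow list of permitted characters instead of a deny list) are shown below in a server-side validator. It is an added example, not code from any poster, and its limits, allowed-character list and the card-number bounds are assumptions chosen for the demonstration. The card-number part picks up the earlier anecdote about a digits-only field that rejected a 16-digit number: the cap is set at 19, the longest PAN length under ISO/IEC 7812, so a generous-but-bounded field still keeps the length check. The 4111 number used at the bottom is a widely published test card number, not a real account.

```python
import string

# Constructed example policy; the limits and lists below are assumptions for
# the demonstration, not any real site's rules.
PASSWORD_MIN_LEN = 12
PASSWORD_MAX_LEN = 64
# Allow list: only these characters may appear in a password. Anything not
# listed is rejected, so there is no deny list to keep up to date.
PASSWORD_ALLOWED_SPECIALS = "!@#$%^&*()-_=+.,?"
PASSWORD_ALLOWED = frozenset(string.ascii_letters + string.digits + PASSWORD_ALLOWED_SPECIALS)

# Card numbers (PANs) are 13 to 19 digits under ISO/IEC 7812, so a digits-only
# field capped at 15 rejects valid 16-digit cards; cap at 19 instead.
CARD_MIN_DIGITS = 13
CARD_MAX_DIGITS = 19


def validate_password(candidate):
    """Return (ok, reason). The length bound is checked before anything else."""
    if not isinstance(candidate, str):
        return False, "not a string"
    # Length first, counted in code points: an oversized value never reaches
    # the per-character checks, which is the point of checking length first.
    if len(candidate) > PASSWORD_MAX_LEN:
        return False, f"too long (max {PASSWORD_MAX_LEN})"
    if len(candidate) < PASSWORD_MIN_LEN:
        return False, f"too short (min {PASSWORD_MIN_LEN})"
    # Allow list: collect every character that is not explicitly permitted.
    disallowed = sorted({c for c in candidate if c not in PASSWORD_ALLOWED})
    if disallowed:
        return False, "disallowed characters: " + " ".join(repr(c) for c in disallowed)
    return True, "ok"


def luhn_ok(digits):
    """Luhn checksum over an ASCII digit string; it catches typos, nothing more."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def validate_card_number(raw):
    """Return (ok, reason, normalised_digits). Digits only, but long enough."""
    if not isinstance(raw, str):
        return False, "not a string", None
    # Normalise the separators people type before measuring length, otherwise
    # "4111 1111 1111 1111" would be rejected as too long by a 19-character cap.
    value = raw.replace(" ", "").replace("-", "")
    if len(value) > CARD_MAX_DIGITS:
        return False, f"too long (max {CARD_MAX_DIGITS} digits)", None
    if len(value) < CARD_MIN_DIGITS:
        return False, f"too short (min {CARD_MIN_DIGITS} digits)", None
    # Explicit ASCII allow list: str.isdigit() also accepts other Unicode digit
    # characters, which is not what a digits-only field means.
    if any(c not in string.digits for c in value):
        return False, "digits only", None
    if not luhn_ok(value):
        return False, "checksum failed (mistyped?)", None
    return True, "ok", value


if __name__ == "__main__":
    print(validate_password("Pa$$w0rd"))                 # too short under this policy
    print(validate_password("Correct-Horse-Battery-9"))  # accepted
    print(validate_password("ok" * 40))                  # too long; rejected before any other check
    print(validate_card_number("4111 1111 1111 1111"))   # published test number, accepted
```

Both validators run on the server regardless of what the browser form allows; the client-side limit in the story above was only ever a convenience, which is why editing the page locally got past it.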
Phew, I am in:
Pa$$w0rd
>64
Some days the dragon wins. Suck it up.
I interpret the big red X in your screen capture to mean that those are the only allowed characters!
“No special characters except this list”
We use the “allow list” special characters for one of our systems. Keeps it simple security wise.
“Deny lists” never stand the test of time.
englebart said: I interpret the big red X in your screen capture to mean that those are the only allowed characters!
But if you read the text after the red x it says “any characters except the following” and I had tried one of the ones from the list and it rejected my password.
englebart: “Deny lists” never stand the test of time.
Agree
So they should put a green check with wording like
Any of these can be used: < > …
Awful language. Not your problem!
Doesn't the BIG RED 'X' in front of "Special characters except for # & * < > ( ) ' [ ]" mean that you can use THOSE special characters, but none other?
That's interesting, because someone else thought that also.
But, notice that the message next to it says, "Special characters except for # & * < > ( ) ' [ ]"
Also, I had tried to use one of the ones listed which is how I got the warning.
So, they obviously have a confusing message along with the other problems they have.
The closer you look, the worse it gets!
Harrison Pratt wrote: The closer you look, the worse it gets!
Your statement cracked me up!
Indeed it does.
It's why most people choose to not look at things very closely.
raddevus wrote: when parsing the password string
There's the problem.
If a site can't state the policy in a single non-run-on sentence I would avoid it. Extravagant parsing or using regular expressions to validate a user's password seems over-engineered.
Software Zen: delete this;
Gary Wheeler wrote: Extravagant parsing or using regular expressions to validate a user's password seems over-engineered.
Agree 100%!
I don't understand why they don't just:
1. hash your plaintext password.
2. compare it to known bad password hashes
3. if it matches any of the known bad, then reject, otherwise store your hash and be done
Why are they looking at my password so closely, anyway?
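The three-step check just listed (hash the plaintext, compare against known-bad hashes, reject or store) as an added example that is not the poster's code. It assumes the breach list is indexed by SHA-1 of the plaintext, which is how large published lists of leaked passwords are commonly keyed; the handful of entries here are computed inline so the example runs offline. One caveat the example makes explicit: the SHA-1 is only a lookup key for the known-bad comparison and is never stored. What gets stored is a slow, salted hash (PBKDF2-HMAC-SHA256 with parameters assumed for the example), because a fast unsalted hash on disk is exactly what breach lists are built from.

```python
import hashlib
import hmac
import os

# Constructed breach list: SHA-1 digests of a few well-known weak passwords,
# computed here so the example runs offline. A real deployment would load a
# large published list instead; the lookup logic is the same.
KNOWN_BAD_SHA1 = frozenset(
    hashlib.sha1(p.encode("utf-8")).hexdigest()
    for p in ("password", "123456", "qwerty", "letmein", "Pa$$w0rd")
)

# Storage parameters (assumed for the example): PBKDF2-HMAC-SHA256 with a
# per-user random salt. This is the hash that is stored; the SHA-1 above is
# only a lookup key into the breach list and is never written anywhere.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def is_known_bad(candidate):
    """True if the plaintext's SHA-1 appears in the constructed breach list."""
    digest = hashlib.sha1(candidate.encode("utf-8")).hexdigest()
    return digest in KNOWN_BAD_SHA1


def hash_for_storage(candidate, salt=None):
    """Return (salt, digest) using a slow, salted KDF suitable for storage."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def register(candidate):
    """The three steps from the post: hash, compare to known bad, reject or store.

    Returns None on rejection, otherwise the (salt, digest) record to persist.
    """
    if is_known_bad(candidate):
        return None
    return hash_for_storage(candidate)


def verify(candidate, salt, stored_digest):
    """Login-time check: recompute with the stored salt, compare in constant time."""
    _, digest = hash_for_storage(candidate, salt)
    return hmac.compare_digest(digest, stored_digest)


if __name__ == "__main__":
    print(register("password"))  # None: rejected because it is on the list
    record = register("correct horse battery staple")
    print(record is not None and verify("correct horse battery staple", *record))  # True
```

Nothing here inspects which characters the password contains; the only questions asked are "is it on a list of passwords already known to be bad?" at registration and "does the stored record match?" at login.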
The fact that this is still being used today is amazing.
I grew up close to Cleveland, Ohio, and have lived in various other states
like Colorado, New Mexico, Oregon and now Arizona; machines of this size we have seldom seen,
not that I was looking for them.
Please enjoy the story. Comment about BIG industry near you; curious what is in other parts of the world.
The Air Force's 50,000 Ton Press - PlaneHistoria
I'm not reading it. The GDPR banner for that site is one of those "you have to disable each vendor individually - here is a huge list, have fun" ones, and life is too short to spend 10 minutes clicking on "No, I don't want you to get my info to do with as you will" checkboxes.
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
I am not sure I understand; the link did not try to steal any information when I used it.
I will try to delete the post.
Good luck with deleting ...
On that note, after getting the message "Anonymous posting is not allowed" I'm thinking that I was not who I was when I signed in to comment on this ... news
|
Meanwhile you can't delete the post (because members have replied), but you can edit it and remove the link.
On the other hand, I see no problem with that link...
I see no problems with the link or site. Plane Historia is a pretty plane jane site (pun intended). Lots of new info for me.
"A little time, a little trouble, your better day"
Badfinger
Glad you enjoyed the link
It's not the link trying to steal info, it's the GDPR management screen that insists you untick everyone you don't want them to sell your info to - if you just pressed "accept" to get rid of it once, it will sell it to everyone on a long list because you have said they can. They have to show the GDPR dialog, but they don't have to have just an "accept" and a "reject" button.
That annoys me because they deliberately make it hard to prevent them doing it. So I just walk away and don't go back.
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
OG I did not have that experience
I did click the CLOSE when they asked about push notifications
and no other pop up questions after that
I am using Firefox with a lot of blocking enabled in the settings
Thanks for explaining
Probably because you're in the USA.
Explicitly asking for permission to collect and sell your data is mandatory in the EU.
I've never seen (or in reality, noticed) such a long cookie-management list, but had a go at deleting a few - then gave up. Allowed what was left, removed the whole set of cookies from FF and could then read at my leisure. Probably won't be going back.
Choroid wrote: did not try to steal
Which is completely and entirely irrelevant.