On Dec 31, 2010, at 12:41 AM, Joshua Kehn wrote:
On Dec 31, 2010, at 1:26 AM, Tamara Temple wrote:
On Dec 28, 2010, at 2:11 PM, Joshua Kehn wrote:
Specifically:
Dotan Cohen wrote:
I seem to have an issue with users who copy-paste their
usernames and
passwords coping and pasting leading and trailing space
characters.
Users should not be copy-pasting passwords or usernames. Do not
compromise a system to cater to bad [stupid, ignorant, you pick]
users. If this is an issue then educate the users.
I'm sorry, but this is just bloody stupid. I keep my usernames and
randomly generated, very long passwords in a password keeper. If
you're not going to let me copy paste them into a web page, i'm
just not going to ever use your application. Copy/pasting is
something that happens on the *local* machine -- it never goes out
to the net. By forcing people to type in their user names and
passwords you are going to cause them to enter easily-remembered,
and typically easily-crackable combinations. What is the possible
logic for disallowing someone to paste in their usernames/
passwords???
My point has been completely missed by you. I'm not saying don't
allow copy pasting usernames and passwords (though I think that this
is a poor choice). I'm saying don't automatically trim the passwords.
Sorry, I was mislead by your use of the phrase "Users should not be
copy-pasting passwords or usernames" above. I'd love to hear what you
think is an alternative to identifying with web app that keeps track
of information about someone that is more secure.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
