Re: Re: Do you trim() usernames and passwords?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Tamara Temple wrote:
On Dec 28, 2010, at 2:11 PM, Joshua Kehn wrote:

Specifically:

Dotan Cohen wrote:
I seem to have an issue with users who copy-paste their usernames and
passwords coping and pasting leading and trailing space characters.
Users should not be copy-pasting passwords or usernames. Do not 
compromise a system to cater to bad [stupid, ignorant, you pick] 
users. If this is an issue then educate the users.
I'm sorry, but this is just bloody stupid. I keep my usernames and 
randomly generated, very long passwords in a password keeper. If you're 
not going to let me copy paste them into a web page, i'm just not going 
to ever use your application. Copy/pasting is something that happens on 
the *local* machine -- it never goes out to the net. By forcing people 
to type in their user names and passwords you are going to cause them to 
enter easily-remembered, and typically easily-crackable combinations. 
What is the possible logic for disallowing someone to paste in their 
usernames/passwords???
Tamara, you're missing half the context, the whole point was don't send 
username and password combo's in plaintext via email to users (thus 
forcing them to copy and paste from email) - this point was made but 
then that context has been stripped from the above email, obviously 
copy+pasting from a password keeper and such like is totally fine..

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux