Input validation

Nov 04, 2010 21:56

As distinct from security issues, of course.

Today I went to sign up for some financial site so I could switch from paper bills to email and get automatic payments going. I fed it one of my usual generated passwords, which looked something like:

U5!`i2|8|Gz6+_9W

Here's the response I got.

Your password must be 6-20 characters long and contain ( Read more... )

geeky


Comments 34

krinndnz November 5 2010, 05:17:43 UTC
So basically, this could all be solved by programmers being correctly lazy?

Reply

eevee November 5 2010, 05:18:28 UTC
Yes. Wait. ummmm

Reply

krinndnz November 5 2010, 05:28:54 UTC
It takes a lot of work to be correctly lazy sometimes! Or at least, work that we're not aware that we have to do. Which is my explanation for why people keep re-inventing the wheel and making it heptagonal.

Reply

chipotle November 5 2010, 06:23:14 UTC
I'd suggest that a lot of it could be solved (and in many cases has been, of course) by testing with users. Using libraries when you can rather than reinventing the wheel doesn't give you complete immunity against the stupid, but it often goes a long way, particularly if the libraries are from fairly widely-used projects, since those are more likely to have figured these things out the hard way if necessary.

Of course, this requires you to not rationalize away user requests/complaints because you don't want to make the necessary fix. At best this makes you look lazy to people who know better. And if you do it spectacularly badly -- deviantArt's removal of the "unspecified" option for gender and brusque "I'm sorry, there are only two sexes, pick one" response to complaints -- it makes you look like you have [reverb on] AN AGENDA.

Reply


(The comment has been removed)

chipotle November 5 2010, 06:25:44 UTC
I once worked at a place doing very, very sophisticated engineering relating to "assisted GPS" whose software relied on a configuration file which could only be generated by running macros in a Microsoft Excel file. On a machine that had Cygwin installed, because the Excel macros called shell scripts.

This isn't directly related to bugs, but "scientific software is its own world of crappy" made me want to share this horror with someone else.

Reply

eevee November 5 2010, 13:09:21 UTC
Hahaha jesus christ. Okay, Excel macros calling shell scripts has to set some sort of record.

Reply

tonberrygrrl November 5 2010, 14:55:25 UTC
Mommy, please make it stop, it hurts.

Reply


dr_dos November 5 2010, 07:27:38 UTC
I'm curious at what point Perl stops being Perl and starts being a Magic Eye picture.

Reply

tonberrygrrl November 5 2010, 14:56:50 UTC
Anywhere. Perl is a write-only language.

Reply

eevee November 5 2010, 14:59:06 UTC
Nah, it's just... optionally encrypted.

Reply

tonberrygrrl November 5 2010, 15:08:47 UTC
Hehe, fair enough. Most of my Perl resembles enhanced C anyway.

Reply


mfb November 5 2010, 07:43:49 UTC
An intrinsically ungeeky question, but how do you keep track of your passwords? I've got some bad habits I think it's about time to toss.

Reply

eevee November 5 2010, 13:10:27 UTC
I wrote a script that takes a master password and the name of a service, hashes them together, and spits out some (consistent) randomish junk.

Logging into anything on my phone sort of sucks now though.

Reply
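The scheme described in the comment above (a master password and a service name hashed into repeatable output), as an added example; it is not eevee's script. PBKDF2 in place of a single hash, the alphabet, the counter, the iteration count and every name here are assumptions of this sketch.

```python
import hashlib
import string

# Constructed default alphabet; sites that reject symbols get a narrower one.
SYMBOLS = "!#$%&*+-=?@_"
DEFAULT_ALPHABET = string.ascii_letters + string.digits + SYMBOLS
ITERATIONS = 200_000  # assumed work factor; raise it as hardware allows


def derive_password(master, service, length=16,
                    alphabet=DEFAULT_ALPHABET, counter=1):
    """Return the same password every time for the same inputs."""
    if not master or not service:
        raise ValueError("master password and service name are required")
    if not 1 <= length <= 40:
        raise ValueError("length must be between 1 and 40")
    chars = sorted(set(alphabet))  # order-independent, no duplicates
    if not 2 <= len(chars) <= 256:
        raise ValueError("alphabet needs 2 to 256 distinct characters")

    # The service name and counter go in the salt, not into one concatenated
    # string, so ("ab", "c") and ("a", "bc") cannot produce the same input.
    salt = f"{counter}:{service.strip().lower()}".encode("utf-8")
    # PBKDF2 instead of a single hash: someone who learns one site's password
    # then pays ITERATIONS hash calls per guess at the master password.
    key = hashlib.pbkdf2_hmac("sha512", master.encode("utf-8"), salt,
                              ITERATIONS, dklen=64)

    # Read the 512-bit key as one integer and peel off base-len(chars) digits.
    # 40 characters from the default 74-symbol set use about 250 bits, so the
    # modulo bias left by the remaining bits is negligible.
    n = int.from_bytes(key, "big")
    out = []
    for _ in range(length):
        n, idx = divmod(n, len(chars))
        out.append(chars[idx])
    return "".join(out)


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample value
    print(derive_password(master, "forum.example"))
    # A site limited to 6-20 letters and digits gets a fitted variant.
    print(derive_password(master, "bank.example", length=20,
                          alphabet=string.ascii_letters + string.digits))
```

Bumping `counter` gives a fresh password for one service without changing the master password, which covers rotation after a breach or a result the site's rules reject.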


(The comment has been removed)

eevee November 5 2010, 13:10:51 UTC
Briefly. Stuff going on, I guess.

Reply

