Input validation

Nov 04, 2010 21:56

As distinct from security issues, of course.

Today I went to sign up for some financial site so I could switch from paper bills to email and get automatic payments going. I fed it one of my usual generated passwords, which looked something like:

U5!`i2|8|Gz6+_9W

Here's the response I got.

Your password must be 6-20 characters long and contain ...

geeky


Comments 34

toksyuryel November 5 2010, 09:43:35 UTC
That regular expression is downright *frightening*.


eevee November 5 2010, 13:07:20 UTC
And this is why you should build awful regexes piecemeal!



furrykef November 5 2010, 11:36:24 UTC
I've long been annoyed by the same things. Have you seen the absurd requirements that GoDaddy has on website database passwords? Not only is the limit absurdly short (I think 14 chars max), and not only do they disallow special characters, they even require the first character to be a letter.

WHY?!?!?!?

That's not the worst one I've seen, though. I know of one site (it's a porn site >.>) that requires your password to be six digits.


eevee November 5 2010, 13:08:28 UTC
GoDaddy is sleazy anyway, so also being incompetent doesn't surprise me in the least.

I know of a bank that requires a password to be only digits. As many as you want, but only digits.

I stress that this is A FUCKING BANK.


antialiasis November 14 2010, 12:48:39 UTC
Late, but my bank's net access has a maximum password length of eight characters. You make up your own username which is supposed to be secret too, but that is also eight characters max. What the hell.


two_pi_r November 5 2010, 15:15:16 UTC
The 14-character limit is, iirc, because mysql is a piece of shit and that's all a password-typed column can handle.



katisconfused November 5 2010, 12:31:18 UTC
You know what is REALLY FUCKING ANNOYING?
My last name is O'Donnell. Because of that ' EVERY TIME I am confronted by a computer system with my name in it (everything from a store mailing list to doctors' offices and banks) it takes no less than three tries for them to find it because depending on the system, that ' could be a ', a space, or not there at all. I am SERIOUSLY thinking of changing my name just because of that as I am sick of this happening EVERYWHERE I go.


eevee November 5 2010, 13:22:51 UTC
Well geez why would a name ever have anything besides letters in it?? Hurr durr giant mainframe app built without considering what it would actually need to do.


katisconfused November 5 2010, 15:38:33 UTC
Oh, and I forgot, Caps. On top of the 's there is also the matter of is it O'Donnell, O'donnell, o'donnell, or O'DONNELL in their system.

I am having LOTS OF FUN with this bullshit since my father recently died and checks and shit got sent to abandoned property. On top of the lovely last name drama he occasionally went by his middle name so I have to try every combo of his first name, middle name, nicknames for them and initials. WHY IS THERE NO PUT IN ADDRESS OPTION FKLGSBGJKLF



rax November 5 2010, 12:46:53 UTC
You said octothorpe and that is awesome. Also these articles are useful in general, thank you!


eevee November 5 2010, 13:55:27 UTC
I'm very deeply bothered that half the punctuation on my keyboard doesn't have a cool name.

Oh hey you run that one Crawl server. I ran across it several times while trying to set up my own, which nobody has ever used.


rax November 5 2010, 14:06:28 UTC
I do run that one Crawl server! Although now I work full time and am in grad school so mostly I don't do anything with it anymore other than pay for it. If you have another server and want to set up peering with CAO/CDO though that's probably possible, you could pop up in ##crawl-dev on freenode. Poke me (rax there, too) if you do. If the peering code isn't generalizable, we should make it be. (And we could use another server before the next tournament happens because goddamn.)

Or you might not care because you have eighty billion other projects, so whatever. :)


eevee November 5 2010, 14:10:40 UTC
Probably not worth the bother; it's on a little baby machine, and has never gotten the love that the NetHack alongside it did. (Probably because I already did all that fucking around with the high score list and IRC game announcing once, and I can't be assed to do it again. (Or twice more; someone heckled me into installing ADOM too. That was sure fun.))

Also it doesn't help that I've never made it past dlvl 2 in Crawl. *ahem*



stokerbramwell November 5 2010, 18:02:17 UTC
I am glad I started watching your journal if for nothing other than learning the proper name of #.


