[thelist] Server validation -- which chars to reject?
Ken Kogler
ken.kogler at curf.edu
Sat Nov 9 23:30:01 CST 2002
> sure, it can be used in an injection attack, but *not*
> if you're performing a replace from "'" to "''", which
> you should be doing anyway if the application server
> doesn't already do it for you.
But I still don't get this: There's no way to allow someone to have a
password of "aje$jaf7#hd&!", correct?
If I were to sign up for a new account on evolt, would it yell at me if
I tried to use that password? If not, is it converting those characters
to their numeric entities, or what?
Just can't seem to wrap my brain around this one at 11:20pm...
--Ken