
Ovid (2709)

http://publius-ovidius.livejournal.com/

Stuff with the Perl Foundation. A couple of patches in the Perl core. A few CPAN modules. That about sums it up.

Journal of Ovid (2709)

Tuesday May 08, 2007
05:39 AM

Bad Password -- No Cookie for You!

[ #33214 ]

I signed up for UK Yankee since, obviously, I'm a Yank amidst the Limeys. Signing up for this Web site was a long, painful process. Very painful.

First, I couldn't find a 'register' link on their home page, just a typical login form. I clicked around on a few pages and couldn't find any way to register with the site. So I clicked login and there's my 'register' link.

Next was their use of a CAPTCHA on the registration page. Not only was there no option available for blind people, the fonts chosen were so terrible that it was difficult to guess what the CAPTCHA actually said. Is that a '1'? Is that a '7'? Who knows? I'm not used to seeing a '1' with such a long serif that it could be mistaken for a '7', but there it was. Of course, at first I didn't see that it only allowed hex characters -- I've never seen such a limitation with CAPTCHAs before -- so I thought the '1' was an 'l' and the '0' was a 'O' (yes, I'm deliberately not clarifying those). At one point, I got the CAPTCHA wrong three times in a row!

Then when I filled in the CAPTCHA correctly, I was astonished that it accepted my randomly chosen password:

46dk3m,er+`'

The vast majority of sites I encounter break on the single quote (SQL injection) or don't allow various punctuation characters (stupid). Of course, even though it accepted my password, it certainly didn't let me log in with it. Grr ...
