Post #9, delayedinsanity, 05-05-2008, 01:24 AM
I guess I just assumed there, about the alphanumerical passwords. It hadn't crossed my mind that <:*h*&*k*:??> might be a stronger password than "hellokitty", but as usual somebody else has thought of what I haven't.

Just updated my authentication class to allow for this. Though I wouldn't say using a regular expression still isn't a bad idea to disallow certain things. Perhaps ~[\t\n\r\f\v[:cntrl:]]+~ might be a start?

This kind of makes me re-evaluate my basic sanitization routine too... I have it right now so that it strips anything off the ends that looks like the user is trying to do a basic SQL injection (such as comment characters) and changes anything that looks like HTML to their entities (specifically <script> etc). I want my scripts to be secure, but not at the cost of usability.
-m

edit: let me rephrase that last bit; I want my code to be secure AND usable.
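An added example, not delayedinsanity's authentication class, of the approach the post arrives at: reject only control characters using the post's own pattern, allow every other character, and hash the password exactly as typed instead of sanitizing it. PHP is assumed from the `~...~` delimiters; the minimum length and the sample passwords are assumptions too.

```php
<?php
// Added example (not the poster's code): a password check that rejects only
// control characters and then stores a hash of the unmodified value.
declare(strict_types=1);

// The pattern from the post: whitespace escapes plus the POSIX [:cntrl:] class.
const CONTROL_CHARS = '~[\t\n\r\f\v[:cntrl:]]+~';

function password_is_acceptable(string $password): bool
{
    if (strlen($password) < 8) {   // assumed policy: at least 8 bytes
        return false;
    }
    // Reject if any control or whitespace character is present. Quotes, angle
    // brackets and SQL comment sequences are ordinary characters here.
    return preg_match(CONTROL_CHARS, $password) !== 1;
}

// Nothing is stripped or entity-encoded before hashing, so the user can log in
// with exactly the password they chose. The hash is what goes into the database.
function register_password(string $password): string
{
    if (!password_is_acceptable($password)) {
        throw new InvalidArgumentException('password contains disallowed characters');
    }
    return password_hash($password, PASSWORD_DEFAULT);
}

function login_matches(string $password, string $storedHash): bool
{
    return password_verify($password, $storedHash);
}

// Constructed sample inputs.
$hash = register_password('<:*h*&*k*:??>');          // punctuation-only password, accepted
var_dump(login_matches('<:*h*&*k*:??>', $hash));     // the same characters verify
var_dump(login_matches('hellokitty', $hash));        // a different password does not
var_dump(password_is_acceptable("abc\tdef12"));      // contains a tab, so rejected
var_dump(password_is_acceptable("it's -- 12345"));   // quote and comment chars, allowed
```

Because the stored value is a hash, SQL comment characters in the password never reach a query; for the rest of the input, prepared statements handle the SQL side and `htmlspecialchars()` at output time handles the HTML side, so the stored data itself can stay unmodified.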