funsec mailing list archives
seen on the ANA website
From: Peter Evans <peter () ixp jp>
Date: Sat, 1 Sep 2007 17:46:45 +0900
I guess this fits the MO for this ML, I was just on the ANA website, playing with their mileage program that can't cope with my name being spelled 4 different ways depending on the phase of the moon. Heaven help someone with a complicated name!

In the forms section:

For security reasons, please do not use the following marks----' '," ",< >and( ).

Does this mean:

A) We are incapable of secure coding and use SQL, meaning that anyone with a modicum of SQL knowledge will be able to vacuum our database.

B) We are also incapable of filtering out potentially malicious HTML, so please don't do that.

C) We really do not like brackets and wish you wouldn't either. Brackets are an anathema to society and we are attempting to stamp them out.

D) The bracket, angle bracket, single and double quotes are endangered species and we will not be party to their needless slaughter.

E) We are malicious, and we put this warning here to smoke out the wannabe hackers.

P

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
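The handling that options A and B in the post above say is missing, as an added example that is not part of the original post and is not ANA's code: values are bound to SQL placeholders and HTML-encoded at output, so names containing every mark from the notice are stored and displayed unchanged. The table name, function names and sample names are assumptions made for illustration.

```python
import html
import sqlite3

# Constructed sample names that together use every mark the notice forbids.
SAMPLE_NAMES = ["O'Brien", 'Dwayne "The Rock" Johnson', "Evans (Peter)", "<Evans>"]


def make_db():
    """Create an in-memory database with a hypothetical members table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT)")
    return db


def add_member(db, name):
    # Placeholder binding: the value is passed separately from the SQL text,
    # so quotes and brackets in it are treated as data, never as SQL syntax.
    cur = db.execute("INSERT INTO members (name) VALUES (?)", (name,))
    return cur.lastrowid


def member_name(db, member_id):
    row = db.execute(
        "SELECT name FROM members WHERE id = ?", (member_id,)
    ).fetchone()
    return row[0] if row else None


def render_greeting(name):
    # Output encoding at the HTML sink: <, >, & and both quote characters
    # become entities, so the name is shown as text and never parsed as markup.
    return "<p>Welcome, " + html.escape(name, quote=True) + "</p>"


def round_trip(names):
    """Store each name, read it back, and render it; return results and row count."""
    db = make_db()
    results = []
    for name in names:
        stored = member_name(db, add_member(db, name))
        results.append((name, stored, render_greeting(stored)))
    count = db.execute("SELECT COUNT(*) FROM members").fetchone()[0]
    return results, count


if __name__ == "__main__":
    for original, stored, page in round_trip(SAMPLE_NAMES)[0]:
        print(repr(original), "->", repr(stored), "->", page)
```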