On Wed, 2004-12-01 at 20:32 +0200, Shachar Shemesh wrote:
> > IF Len(Trim(document.all("textSisma").value))=5 or
> > Len(Trim(document.all("textSisma").value))=8 THEN
> > formLogin.textFormPassword.value = textSisma.value
> > formLogin.submit
> > else
> Now, if anyone can help me. Are they saying that the password can be
> 5 or 8 characters, but not 6?
My Basic is somewhat rusty, but yeah, it does seem to look like a
password can onlhy be 5 or 8 characters.
However, it's checking the trimmed length (which I'm assuming as in PHP
is with newlines and whitespaces trimmed from either side), and, saving
the untrimmed length.
So even if they had a similar script on the server side, if you sent a
password with let's say, oh, five thousand spaces spaces followed by 5
legit characters, it would be accepted :) and who knows what kind of
problems that could cause :)
(Of course, there's a good chance of no problems... any generated
password hash would be an acceptable amount of characters, and something
like MySQL would only save whats in the column definition... guess
sometimes people are just lucky :)).
Gadi
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
