Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread David Hutto
It would seem that within the streaming of information that moves across networks, that such things as virus detection within these networks (meaning governmental oversight of info...post 9/11), which, if I'm not mistaken is regexing for matching strings of definitions, are checked for as they strea

Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Paul M Foster
On Wed, Dec 29, 2010 at 12:00:01AM -0500, David Hutto wrote: > On Tue, Dec 28, 2010 at 11:51 PM, Paul M Foster > wrote: > > On Tue, Dec 28, 2010 at 11:28:12PM -0500, Joshua Kehn wrote: > > > >> On Dec 28, 2010, at 6:28 PM, Paul M Foster wrote: > >> > >> > On Tue, Dec 28, 2010 at 03:11:56PM -0500,

RE: [PHP] how would I do this?

2010-12-28 Thread Tommy Pham
> -Original Message- > From: David McGlone [mailto:da...@dmcentral.net] > Sent: Monday, December 27, 2010 1:14 PM > To: PHP > Subject: [PHP] how would I do this? > > Hi all, > > I am trying to make the link in this code not show the underscore and I can't > figure out how I could do it. I

Re: [PHP] Static content at runtime

2010-12-28 Thread Donovan Brooke
k...@bitflop.com wrote: Hi. I am currently looking into improving a system that (like many systems) generates static content at runtime. I have always been against generating static content at runtime and believe static content should be generated by a cronjob or manually at some idle time (if p

Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread David Hutto
On Tue, Dec 28, 2010 at 11:51 PM, Paul M Foster wrote: > On Tue, Dec 28, 2010 at 11:28:12PM -0500, Joshua Kehn wrote: > >> On Dec 28, 2010, at 6:28 PM, Paul M Foster wrote: >> >> > On Tue, Dec 28, 2010 at 03:11:56PM -0500, Joshua Kehn wrote: >> > >> >> Specifically: >> >> >> Dotan Cohen wrote

Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Joshua Kehn
On Dec 28, 2010, at 11:51 PM, Paul M Foster wrote: > On Tue, Dec 28, 2010 at 11:28:12PM -0500, Joshua Kehn wrote: > >> On Dec 28, 2010, at 6:28 PM, Paul M Foster wrote: >> >>> On Tue, Dec 28, 2010 at 03:11:56PM -0500, Joshua Kehn wrote: >>> Specifically: >> Dotan Cohen wrote: >>>

Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Paul M Foster
On Tue, Dec 28, 2010 at 11:28:12PM -0500, Joshua Kehn wrote: > On Dec 28, 2010, at 6:28 PM, Paul M Foster wrote: > > > On Tue, Dec 28, 2010 at 03:11:56PM -0500, Joshua Kehn wrote: > > > >> Specifically: > >> > Dotan Cohen wrote: > > I seem to have an issue with users who copy-paste the

Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Joshua Kehn
On Dec 28, 2010, at 6:28 PM, Paul M Foster wrote: > On Tue, Dec 28, 2010 at 03:11:56PM -0500, Joshua Kehn wrote: > >> Specifically: >> Dotan Cohen wrote: > I seem to have an issue with users who copy-paste their usernames and > passwords copying and pasting leading and trailing space

Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread David Harkness
On Tue, Dec 28, 2010 at 3:28 PM, Paul M Foster wrote: > Users would be wise to follow a scheme like > this, rather than using their dog's name or somesuch as their passwords. Aww man, I've been using "somesuch" as the password for all my accounts and now you've ruined it! Luckily I use your dog'

Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Paul M Foster
On Tue, Dec 28, 2010 at 03:11:56PM -0500, Joshua Kehn wrote: > Specifically: > > >> Dotan Cohen wrote: > >>> I seem to have an issue with users who copy-paste their usernames and > >>> passwords copying and pasting leading and trailing space characters. > > Users should not be copy-pasting passwo

Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Daniel Brown
On Tue, Dec 28, 2010 at 16:10, Peter Lind wrote: > > Bla bla bla not Friday yet bla bla bla cut down on the noise on the list bla > bla I tend to think that you fail to see the actual meaning behind the messages, Peter, and instead just like to remind me of my own words. Don't worry: I remem

Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Peter Lind
On 28 December 2010 22:06, Daniel Brown wrote: > On Tue, Dec 28, 2010 at 16:05, Dotan Cohen wrote: >> >> Did you know that when you type 'brown1' we see it as **? Your >> system does that automatically. > >    That's how I see it, too.  It took me fourteen years to realize > that my password

Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Daniel Brown
On Tue, Dec 28, 2010 at 16:05, Dotan Cohen wrote: > > Did you know that when you type 'brown1' we see it as **? Your > system does that automatically. That's how I see it, too. It took me fourteen years to realize that my password wasn't just six asterisks (though, in my hand-made, high-

Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Dotan Cohen
On Tue, Dec 28, 2010 at 23:02, Daniel Brown wrote: >    This thread has really just gone on far too long without the only > correct answer: always use the same username/password for everything, > and always make them as simple as possible so that you can remember > them.  For example, I always use

Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Daniel Brown
On Tue, Dec 28, 2010 at 15:43, Nathan Rixham wrote: > > that's what pkcs12 was invented for, just issue another certificate / key > pair. This thread has really just gone on far too long without the only correct answer: always use the same username/password for everything, and always make the

Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Dotan Cohen
On Tue, Dec 28, 2010 at 22:43, Nathan Rixham wrote: > that's what pkcs12 was invented for, just issue another certificate / key > pair. > I could probably automate and script it, I would just give the users a name/password combo to their own control panel... -- Dotan Cohen http://gibberish.co.

Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Dotan Cohen
On Tue, Dec 28, 2010 at 22:52, Joshua Kehn wrote: > We're PHP programmers, we do the impossible all the time. Without automatic > migrations, managed models, succinct > ORM's. Other developers look at us in shock as we memorize the $haystack and > $needle argument orders for explode > and str* f

Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Joshua Kehn
On Dec 28, 2010, at 3:24 PM, Dotan Cohen wrote: > On Tue, Dec 28, 2010 at 22:11, Joshua Kehn wrote: >> Users should not be copy-pasting passwords or usernames. Do not compromise a >> system to cater to bad [stupid, ignorant, you pick] users. If this is an >> issue then educate the users. >> > >

Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Nathan Rixham
Dotan Cohen wrote: On Tue, Dec 28, 2010 at 22:30, Joshua Kehn wrote: indeed, and on reflection, if you're putting this much effort in to it, and security is a worry, then forget username and passwords, and issue each user with a client side RSA v3 certificate and identify them via the public ke

Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Joshua Kehn
On Dec 28, 2010, at 3:32 PM, Dotan Cohen wrote: > On Tue, Dec 28, 2010 at 22:30, Joshua Kehn wrote: >>> indeed, and on reflection, if you're putting this much effort in to it, and >>> security is a worry, then forget username and passwords, and issue each user >>> with a client side RSA v3 certif

Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Dotan Cohen
On Tue, Dec 28, 2010 at 22:30, Joshua Kehn wrote: >> indeed, and on reflection, if you're putting this much effort in to it, and >> security is a worry, then forget username and passwords, and issue each user >> with a client side RSA v3 certificate and identify them via the public key >> of the c

Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Joshua Kehn
On Dec 28, 2010, at 3:26 PM, Nicholas Kell wrote: > > If you work for a company that admins over a hundred websites, you may be > inclined to copy-paste a few passwords. > > I don't know about you, but when we use passwords that are over 16 characters > long and I don't want to get an incorrec

Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Joshua Kehn
On Dec 28, 2010, at 3:29 PM, Nathan Rixham wrote: > Joshua Kehn wrote: >> On Dec 28, 2010, at 3:18 PM, Dotan Cohen wrote: >>> I'm toying with the idea of having the passwords hashed twice: they're >>> already in the database hashed, and javascript hashes them on the >>> client before sending them

Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Dotan Cohen
On Tue, Dec 28, 2010 at 22:26, Joshua Kehn wrote: > Educate the users, don't compromise the system. Either go full on and trim > everything (I don't recommend this) or trim > nothing. Be consistent in which one you pick. > Then how about: if ($trimmedPassword==$realPassword && $enteredPassword!=

Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Nathan Rixham
Joshua Kehn wrote: On Dec 28, 2010, at 3:18 PM, Dotan Cohen wrote: I'm toying with the idea of having the passwords hashed twice: they're already in the database hashed, and javascript hashes them on the client before sending them over, but I'm thinking about sending an additional salt to the c

Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Joshua Kehn
On Dec 28, 2010, at 3:23 PM, Dotan Cohen wrote: > On Tue, Dec 28, 2010 at 22:02, Joshua Kehn wrote: >> Trim usernames but not passwords. >> Some people put spaces at the beginning and end of their passwords. Double >> confirm and don't mess with the input otherwise they tend to get confused. >>

Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Nicholas Kell
On Dec 28, 2010, at 2:11 PM, Joshua Kehn wrote: > Specifically: > >>> Dotan Cohen wrote: I seem to have an issue with users who copy-paste their usernames and passwords copying and pasting leading and trailing space characters. > > Users should not be copy-pasting passwords or username

Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Dotan Cohen
On Tue, Dec 28, 2010 at 22:23, Peter Lind wrote: > Sounds like https would be MUCH simpler and likely as safe or safer. I > wouldn't waste my time on trying to come up with very clever schemes > when tried and true technologies are out there. > You are right, I know. >> But before all that goes

Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Joshua Kehn
On Dec 28, 2010, at 3:18 PM, Dotan Cohen wrote: > I'm toying with the idea of having the passwords hashed twice: they're > already in the database hashed, and javascript hashes them on the > client before sending them over, but I'm thinking about sending an > additional salt to the client to hash

Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Dotan Cohen
On Tue, Dec 28, 2010 at 22:11, Joshua Kehn wrote: > Users should not be copy-pasting passwords or usernames. Do not compromise a > system to cater to bad [stupid, ignorant, you pick] users. If this is an > issue then educate the users. > Educate the users?!? Is that like making water flow uphill,

[PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Nathan Rixham
Dotan Cohen wrote: On Tue, Dec 28, 2010 at 21:57, Nathan Rixham wrote: Don't trim or limit the range of input characters, but far more importantly /don't send passwords in clear text/, indeed don't generate passwords at all, let users enter their desired password, then they won't be copy and pa

Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Peter Lind
On 28 December 2010 21:18, Dotan Cohen wrote: > On Tue, Dec 28, 2010 at 21:57, Nathan Rixham wrote: >> Don't trim or limit the range of input characters, but far more importantly >> /don't send passwords in clear text/, indeed don't generate passwords at >> all, let users enter their desired pass

Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Joshua Kehn
Trim usernames but not passwords. Some people put spaces at the beginning and end of their passwords. Double confirm and don't mess with the input otherwise they tend to get confused. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com O

Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Dotan Cohen
On Tue, Dec 28, 2010 at 22:02, Joshua Kehn wrote: > Trim usernames but not passwords. > Some people put spaces at the beginning and end of their passwords. Double > confirm and don't mess with the input otherwise they tend to get confused. > How about: if ($trimmedUsername != $username){ tri

[PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Dotan Cohen
On Tue, Dec 28, 2010 at 21:57, Nathan Rixham wrote: > Don't trim or limit the range of input characters, but far more importantly > /don't send passwords in clear text/, indeed don't generate passwords at > all, let users enter their desired password, then they won't be copy and > pasting them ;)

Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Joshua Kehn
Specifically: >> Dotan Cohen wrote: >>> I seem to have an issue with users who copy-paste their usernames and >>> passwords copying and pasting leading and trailing space characters. Users should not be copy-pasting passwords or usernames. Do not compromise a system to cater to bad [stupid, ignor

Re: [PHP] Static content at runtime

2010-12-28 Thread Bastien
On 2010-12-28, at 2:19 PM, David Harkness wrote: > The other option is to generate the page dynamically and cache it (we use > Varnish) for the next users. This way you pay the cost to regenerate pages > only for those someone views--and only once. This pays off well when you > have high traffi

Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Nathan Rixham
Joshua Kehn wrote: Trim usernames but not passwords. agree. nice catch, I was thinking about passwords specifically and forgot usernames was in the topic too! On Dec 28, 2010, at 2:57 PM, Nathan Rixham wrote: Dotan Cohen wrote: I seem to have an issue with users who copy-paste their user

[PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Nathan Rixham
Dotan Cohen wrote: I seem to have an issue with users who copy-paste their usernames and passwords copying and pasting leading and trailing space characters. Don't trim or limit the range of input characters, but far more importantly /don't send passwords in clear text/, indeed don't generate

Re: [PHP] Static content at runtime

2010-12-28 Thread David Harkness
The other option is to generate the page dynamically and cache it (we use Varnish) for the next users. This way you pay the cost to regenerate pages only for those someone views--and only once. This pays off well when you have high traffic. David

Re: [PHP] Static content at runtime

2010-12-28 Thread Ashley Sheridan
On Tue, 2010-12-28 at 13:25 -0500, Govinda wrote: > > > > Care to share your experiences and recommendations on the issue? > > > > > It seems to me that you ask a great question, and ask it well. > > I have worked on both kinds of systems. But I am not expert enough to > say anything definit

Re: [PHP] Static content at runtime

2010-12-28 Thread Govinda
Care to share your experiences and recommendations on the issue? It seems to me that you ask a great question, and ask it well. I have worked on both kinds of systems. But I am not expert enough to say anything definitively. Just one thought I had while thinking about it: How about:

[PHP] Static content at runtime

2010-12-28 Thread knl
Hi. I am currently looking into improving a system that (like many systems) generates static content at runtime. I have always been against generating static content at runtime and believe static content should be generated by a cronjob or manually at some idle time (if possible). This will provi

Re: [PHP] Do you trim() usernames and passwords?

2010-12-28 Thread Govinda
... And yes, I'm the OCD geek with such passwords. Dotan, that is great! You made a dry topic hilarious! (on top of the practical points you make.) Thanks! Govinda -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Do you trim() usernames and passwords?

2010-12-28 Thread Dotan Cohen
On Tue, Dec 28, 2010 at 17:13, Paul M Foster wrote: > If users want to embed spaces in their passwords, well and good. But at > the beginning or end? No. Trim them. As mentioned elsewhere, I suspect > this is mostly because of copying and pasting. > A leading space in a password is a terrific def

Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Nicholas Kell
On Dec 28, 2010, at 8:52 AM, Dotan Cohen wrote: > On Tue, Dec 28, 2010 at 15:27, Al wrote: >> Can't you simply specify the allowed characters that can be used for PWs and >> usernames? >> > > No, I hate when websites do that. It leads to less secure passwords, > not more secure, and it is pass

Re: [PHP] Do you trim() usernames and passwords?

2010-12-28 Thread Paul M Foster
On Tue, Dec 28, 2010 at 02:49:59PM +0200, Dotan Cohen wrote: > I seem to have an issue with users who copy-paste their usernames and > passwords copying and pasting leading and trailing space characters. > The obvious fix was to trim() the values that I receive, but I worry > how that would affect

Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Dotan Cohen
On Tue, Dec 28, 2010 at 15:27, Al wrote: > Can't you simply specify the allowed characters that can be used for PWs and > usernames? > No, I hate when websites do that. It leads to less secure passwords, not more secure, and it is passing the burden of fixing the issue onto the user. > I always

Re: [PHP] Do you trim() usernames and passwords?

2010-12-28 Thread Dotan Cohen
On Tue, Dec 28, 2010 at 15:12, Ashley Sheridan wrote: > The copy-paste thing I've noticed only really seems to happen on Windows, > particularly with Outlook. The thing I always tell people if > I'm emailing people a password is that they should type it out rather than > copy paste to avoid the

[PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Al
On 12/28/2010 7:49 AM, Dotan Cohen wrote: I seem to have an issue with users who copy-paste their usernames and passwords copying and pasting leading and trailing space characters. The obvious fix was to trim() the values that I receive, but I worry how that would affect users who use a space at

Re: [PHP] Do you trim() usernames and passwords?

2010-12-28 Thread Ashley Sheridan
On Tue, 2010-12-28 at 14:49 +0200, Dotan Cohen wrote: > I seem to have an issue with users who copy-paste their usernames and > passwords copying and pasting leading and trailing space characters. > The obvious fix was to trim() the values that I receive, but I worry > how that would affect users w

[PHP] Do you trim() usernames and passwords?

2010-12-28 Thread Dotan Cohen
I seem to have an issue with users who copy-paste their usernames and passwords copying and pasting leading and trailing space characters. The obvious fix was to trim() the values that I receive, but I worry how that would affect users who use a space at the beginning or end of their password. Of co