[funsec] seen on the ANA website
Peter Evans
peter at ixp.jp
Sat Sep 1 03:46:45 CDT 2007
I guess this fits the MO for this ML.
I was just on the ANA website, playing with their mileage program that
can't cope with my name being spelled 4 different ways depending on the
phase of the moon. Heaven help someone with a complicated name!
In the forms section:
For security reasons, please do not use the following marks----' '," ",< >and( ).
Does this mean:
A) We are incapable of secure coding and use SQL, meaning that anyone with
a modicum of SQL knowledge will be able to vacuum our database.
B) We are also incapable of filtering out potentially malicious HTML, so please
don't do that.
C) We really do not like brackets and wish you wouldn't either. Brackets are an
anathema to society and we are attempting to stamp them out.
D) The bracket, angle bracket, single and double quotes are endangered species and
we will not be party to their needless slaughter.
E) We are malicious, and we put this warning here to smoke out the wannabe hackers.
P
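
Added example, not part of the original post: options A and B above concern SQL handling and HTML filtering, and this sketch shows the usual alternative to banning characters, which is binding input as a query parameter and encoding it at output. The `members` table, the function names and the sample name are assumptions made for illustration, with in-memory SQLite standing in for whatever database a site uses.

```python
import html
import sqlite3

# Constructed sample input: a name using every mark the form asks users to avoid.
SAMPLE_NAME = """O'Brien "Pete" <Evans> (ANA)"""


def open_db():
    # Hypothetical schema for the example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    return db


def add_member(db, name):
    # The value travels as a bound parameter and is never spliced into the
    # SQL text, so quotes and parentheses in it are data, not syntax.
    cur = db.execute("INSERT INTO members (name) VALUES (?)", (name,))
    db.commit()
    return cur.lastrowid


def get_name(db, member_id):
    row = db.execute(
        "SELECT name FROM members WHERE id = ?", (member_id,)
    ).fetchone()
    return row[0] if row else None


def member_count(db):
    return db.execute("SELECT COUNT(*) FROM members").fetchone()[0]


def render_greeting(name):
    # Encode at output time for the HTML context; quote=True also covers
    # attribute values delimited by ' or ".
    return "<p>Welcome, {}</p>".format(html.escape(name, quote=True))


if __name__ == "__main__":
    db = open_db()
    member_id = add_member(db, SAMPLE_NAME)
    stored = get_name(db, member_id)
    print(stored)                   # the name comes back unchanged
    print(render_greeting(stored))  # the marks appear as HTML entities
```

The stored value is byte-for-byte what the user typed; only its HTML rendering is encoded, so the same record can be escaped differently for other output contexts.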