Flutterby™! : Password insecurities

Next unread comment / Catchup all unread comments User Account Info | Logout | XML/Pilot/etc versions | Long version (with comments) | Weblog archives | Site Map | | Browse Topics

Password insecurities

2006-04-04 22:01:39.06474+00 by Dan Lyke 2 comments

Hey, Apple Developer Connection: Passwords may have punctuation in them. I expect this sort of lax coding that doesn't properly escape all characters to whatever subsystem they're speaking to from certain financial institutions, but you guys, of all people, should be able to get this right.

[ related topics: Apple Computer Software Engineering ]

comments in ascending chronological order (reverse):

#Comment Re: made: 2006-04-05 00:59:00.189983+00 by: meuon

I'm learning that almost everything should be supporting "UTF-8" and properly handling Kanji, Traditional Chinese, etc.. Forget problems with ' & ~ | - there are REAL issues out there that make those trivial.

#Comment Re: made: 2006-04-05 01:10:46.223797+00 by: Dan Lyke

Yeah, I'm currently torn between absolutely despising Apple's "CFString" data type, and saying that we need to take three weeks and convert everything to it or something else that handles real character sets transparently.

Of course the real problem is that if you're really supporting all of those other languages, UTF8 starts to lead to data bloat pretty fast, and...

But as an intermediate data format, it works pretty well.

And is this a good place to insert my "XML can't carry ASCII unless you MIME or other binary encapsulation encode it!" clue? I may have picked up a few hours of consulting work writing a protocol validator, and damn I'm looking forward to that.