Words that are excluded from "secret questions"

By Cory Doctorow at 3:26 am Friday, May 14

The Sacramento Credit Union's online banking service appears to have learned some hard lessons about SQL code-injection attacks as they apply to "secret questions":

The answers to your Security Questions are case sensitive and cannot contain special characters like an apostrophe, or the words "insert," "delete," "drop," "update," "null," or "select."

My friend Danny O'Brien (or, as many services have it, Danny O\'\'\'\'\'\'\'Brien) has pointed out that millions of Irish people have a built-in PHP attack right there in their names. When I was a kid, I used to fantasize about changing my middle name to "+++ATH."

Good times.

Sacramento Credit Union (via Making Light)

Previously:

Share this post Tweet Pin It

Read more Technology

show full bio

Cory Doctorow

Jun 1, Sydney Vivid
Jul 14, London EFF Speakeasy
Jun 18, Dublin Internet Freedom

Context (essays)
With a Little Help (short stories)
For the Win (YA novel)
Makers (adult novel)

Where not otherwise specified, this work is licensed under a Creative Commons License permitting non-commercial sharing with attribution. Boing Boing is a trademark of Happy Mutants LLC in the United States and other countries.

Submit a Link Hot Latest Gweek Apps For Kids Boing Boing Shop

Features Reviews Science Archives About Us

DESKTOP VIEW

Switch to our mobile site

EDITORS

Follow: Twitter and Facebook

Subscribe: Daily Email and RSS

Contact us • FAQ • Policies