The answers to your Security Questions are case sensitive and cannot contain special characters like an apostrophe, or the words “insert,” “delete,” “drop,” “update,” “null,” or “select.”
good? bad?
Well bad if such attempts to hack the database work...
A little less bad if proper escaping of SQL parameters is actually done on query execution - but in that case, why even advertise such things to customers?
Peter Mescalchin - 14th May 2010 00:58 - #
omg
zomg - 14th May 2010 04:17 - #
Also when selecting your security questions, your first roommate shouldn't be named Robert'); DROP TABLE Customer;--
huxley - 14th May 2010 04:28 - #
Fortunately it looks like they're using it as a primitive spam or hacking filter, not that little Bobby Tables will ruin your finances. (If you're using those words, you're trying to mess with their system.)
Erik Vorhes - 14th May 2010 04:42 - #
Heh, they forgot about "truncate", "grant", "lock", and "rename".
/me makes a note to never use Sacramento CU
I recognise this problem! I'm guessing they have mod_security for Apache installed and badly configured, and this is a workaround until they can get someone in to fix it.
Well, that explains the banned words, anyway. The apostrophe is far more worrying.
Yoz - 14th May 2010 10:03 - #
It might not be mod_security; while their main site runs Apache, the headers for signing up for a bank account report ASP.NET on IIS 6.
Hopefully still just a poorly configured security filter issue as opposed to a serious security chasm ...
huxley - 14th May 2010 16:53 - #
The correct way to handle Bobby Tables: http://bobby-tables.com/
Andy Lester - 14th May 2010 20:38 - #
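The contrast the comments above draw, as an added example that is not part of the original thread or the credit union's code: the banned-word rule from the notice set beside bound query parameters. The whole-word, case-insensitive matching, the in-memory SQLite database, the function names and the sample answers are assumptions made for illustration; the `Customer` table name is taken from the comment above.

```python
import re
import sqlite3

# Words the notice says are rejected; whole-word matching is an assumption.
BANNED = re.compile(r"\b(?:insert|delete|drop|update|null|select)\b", re.IGNORECASE)

def blocklist_rejects(answer: str) -> bool:
    """Hypothetical reconstruction of the filter: apostrophe or a banned word."""
    return "'" in answer or BANNED.search(answer) is not None

def store_and_read_back(answers):
    """Store answers with bound parameters and return (stored rows, table names)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Customer (id INTEGER PRIMARY KEY, answer TEXT)")
    # The ? placeholder passes each value separately from the SQL text,
    # so quotes and keywords inside it are stored as data, never parsed as SQL.
    db.executemany("INSERT INTO Customer (answer) VALUES (?)",
                   [(a,) for a in answers])
    stored = [r[0] for r in db.execute("SELECT answer FROM Customer ORDER BY id")]
    tables = [r[0] for r in
              db.execute("SELECT name FROM sqlite_master WHERE type = 'table'")]
    db.close()
    return stored, tables

# Constructed sample answers; the third is the string quoted in the thread.
SAMPLES = [
    "St. John's",                        # ordinary answer with an apostrophe
    "Drop Zone",                         # ordinary answer containing a banned word
    "Robert'); DROP TABLE Customer;--",
    "Springfield",
]

if __name__ == "__main__":
    for a in SAMPLES:
        print(f"{a!r:40} rejected by blocklist: {blocklist_rejects(a)}")
    stored, tables = store_and_read_back(SAMPLES)
    print("round-trips unchanged:", stored == SAMPLES, "| tables:", tables)
```

With bound parameters every sample is stored and read back byte for byte and the table is still there, while the blocklist turns away two ordinary answers and adds nothing the placeholder does not already provide.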