Feed Sign in with OpenID OpenID

Simon Willison’s Weblog

The answers to your Security Questions are case sensitive and cannot contain special characters like an apostrophe, or the words “insert,” “delete,” “drop,” “update,” “null,” or “select.”

Sacramento Credit Union

Posted 14th May 2010 at 12:40 am

Tagged , ,

55 comments

  1. good? bad?

    Saqib Ali - 14th May 2010 00:52 - #

  2. Well bad if such attempts to hack the database work...

    A little less bad if proper escaping of SQL parameters are actually done on query execution - but in that case, why even advertise such things to customers?

    Peter Mescalchin - 14th May 2010 00:58 - #

  3. omg

    zomg - 14th May 2010 04:17 - #

  4. Also when selecting your security questions, your first roommate shouldn't be named Robert'); DROP TABLE Customer;--

    huxley - 14th May 2010 04:28 - #

  5. Fortunately it looks like they're using it as a primitive spam or hacking filter, not that little Bobby Tables will ruin your finances. (If you're using those words, you're trying to mess with their system.)

    Erik Vorhes - 14th May 2010 04:42 - #

  6. Heh, they forgot about "truncate", "grant", "lock", and "rename".

    /me makes a note to never use Sacramento CU

    Scott - 14th May 2010 05:13 - #

  7. I recognise this problem! I'm guessing they have mod_security for Apache installed and badly configured, and this is a workaround until they can get someone in to fix it.

    Well, that explains the banned words, anyway. The apostrophe is far more worrying.

    Yoz - 14th May 2010 10:03 - #

  8. It might not be mod_security, while their main site runs Apache, the headers for signing up for a bank account report ASP.NET on IIS 6.

    Hopefully still just a poorly configured security filter issue as opposed to a serious security chasm ...

    huxley - 14th May 2010 16:53 - #

  9. The correct way to handle Bobby Tables: http://bobby-tables.com/

    Andy Lester - 14th May 2010 20:38 - #

  10. Felt so hopeless lokonig for answers to my questions...until now.

    Butterfly - 22nd September 2011 19:52 - #

  11. Health articles I just want to thank you for pharmacy shop your information / turorial and your website or blog, this is a simple, but good article I have ever seen, I like it, I learned something today! Thanks!

    evalon cream - 25th September 2011 17:39 - #

  12. It's really great that people are sharing this infromtaoin.

    Isabelle - 8th October 2011 22:38 - #

  13. Yeah that's what I'm tkalnig about baby--nice work!

    Boston - 10th October 2011 04:37 - #

  14. A very nice post, thank you for this article as I learn something interesting Online Jobs

    riya - 17th October 2011 07:25 - #

  15. I will recommend my friends to read this. Bottes UGGI am quite sure they will UGG Pas Cher learn lots of new stuff here than anybody else!

    ugg pas cher - 27th October 2011 03:33 - #

  16. Just to demonstrate the Free DVD Ripperweight we should all attach to Underwood's statement, DVD Ripperthe Collins dictionary Video Converter has just added "hashbangs" to its new edition of the dictionary.

    Video Converter - 28th October 2011 13:49 - #

  17. Great post, and great website. Thanks for the information! affiliate network

    affiliate network - 13th December 2011 07:57 - #

  18. I think that thanks for the valuable information and insights you have so provided here.http://envyusmedia.com/content/about-envyusme dia/index.html

    affiliate network - 13th December 2011 08:05 - #

  19. I think this is an informative post and it is very useful and knowledgeable. therefore, I would like to thank you for the efforts you have made in writing this article.hyaluronic acid benefits

    hyaluronic acid benefits - 13th December 2011 10:23 - #

  20. Thanks for the valuable information and insights you have so provided here... the best payday loans

    the best payday loans - 14th December 2011 12:56 - #

  21. This article gives the light in which we can observe the reality. This is very nice one and gives indepth information. Thanks for this nice article. bank rates cd

    bank rates cd - 31st January 2012 15:14 - #

  22. I am very happy to discover your post as it will become on top in my collection of favorite blogs to visit. watch bleach on iphone

    watch bleach on iphone - 1st February 2012 13:41 - #

  23. I would like to say that this blog really convinced me to do it! Thanks, very good post. promotional codes

    promotional codes - 1st February 2012 15:28 - #

  24. I completely agree with you. I have no point to raise in against of what you have said I think you explain the whole situation very well essay writing help | essay writing service | uk essay writing

    smithhogg - 6th February 2012 11:16 - #

  25. I love what you had put in your site. It has many valuable information. http://www.top-designs.net/

    Luisaviaroma - 8th February 2012 04:49 - #

  26. I love the way you write and share your niche! Very interesting and different! Keep it coming! fast cash advance

    superking - 8th February 2012 11:41 - #

  27. I have bookmarked your blog, the articles are way better than other similar blogs.. thanks for a great blog! cash advance online

    cash advance online - 8th February 2012 13:42 - #

  28. I can set up my new idea from this post. It gives in depth information. Thanks for this valuable information for all,.. compare auto insurance quotes

    compare auto insurance quotes - 11th February 2012 11:35 - #

  29. This is a great inspiring article.I am pretty much pleased with your good work.You put really very helpful information. Keep it up. Keep blogging. Looking to reading your next post. bank rates cd

    bank rates cd - 12th February 2012 14:10 - #

  30. I would like to say that this blog really convinced me to do it! Thanks, very good post. instant cash usa

    instant cash usa - 15th February 2012 10:46 - #

  31. mntnrgi

    nwkldp - 24th February 2012 04:12 - #

  32. hybntcqu

    rcdela - 24th February 2012 04:12 - #

  33. It's an inversion on what Groucho Marx used to say about belonging to clubs. web hosting reseller plans

    web hosting reseller plans - 29th February 2012 08:52 - #

  34. It's an inversion on what Groucho Marx used to say about belonging to clubs.web hosting reseller plans

    urgetech3 - 29th February 2012 08:53 - #

  35. pbhzthbh

    vkuply - 3rd March 2012 01:12 - #

  36. I have been reading your posts regularly. I need to say that you are doing a fantastic job. Please keep up the great work. wholesale fashion jewelry

    kanika - 28th March 2012 13:08 - #

  37. L’autre solution consiste à insérer des boucles spip accédant aux données du plugins form et tables dans le squelette pour afficher les données.

    USA hotels - 31st March 2012 12:52 - #

  38. Thanks for another informative post.

    Jackson Coosa - 1st April 2012 10:55 - #

  39. Nice post! This is a very nice blog that I will definitively come back to more times this year! Thanks for informative post. Internat England

    Jameswalker - 3rd April 2012 18:58 - #

  40. A perfect info source. Thanks for taking the time to discuss this, I feel strongly about it and love learning more on this topic. <a href="http://www.onlinehomebusiness.co/online-home -business/" rel="follow">online home based business opportunity</a>

    online home based business opportunity - 14th April 2012 08:43 - #

  41. I also found your posts very interesting. In fact after reading, I had to go show it to my friend and he ejoyed it as well! online home based business opportunity

    kumar - 14th April 2012 08:46 - #

  42. There is a fair amount of controversy in the scientific community regarding the use of this substance in food manufacturing process. Hot Wife

    Frank - 20th April 2012 00:50 - #

  43. Though the strategy is regularly criticized by experts in the field, it is being used under the guise of implicit analogies tacitly approved by those at the top. opticians cheadle hulme

    Mike - 20th April 2012 05:14 - #

  44. You got a really useful blog I have been here reading for about an hour. I am a newbie and your success is very much an inspiration for me.

    office movers chicago - 7th May 2012 13:42 - #

  45. wuHUQM Thanks so much for the article.Really looking forward to read more. Really Cool.

    bookmarking - 11th May 2012 04:39 - #

  46. :) this made me laugh a bit

    order amoxil - 14th May 2012 05:05 - #

  47. Hey your collection is outstanding,I never see such a type of collection before.Thanks for sharing it with us.keep it up

    buy hydrocodone online - 18th May 2012 17:27 - #

  48. I subscribed to your rss feed though and will certainly keep following your writing and possibly down the road I may chime in once again in much more detail. Organic supplements

    Organic Supplements - 21st May 2012 13:06 - #

  49. Thanks for the information. I’m really glad that you share your ideas about this. I must relay this ideas to my friends.

    Testosterone Booster Supplements - 21st May 2012 14:21 - #

  50. I really enjoy simply reading all of your weblogs. Simply wanted to inform you that you have people like me who appreciate your work. Definitely a great post. Hats off to you! The information that you have provided is very helpful.

    best organic SEO - 21st May 2012 20:56 - #

  51. As social media and online content become more popular, the number of choices available to a user to consume digital information continues to increase" this is very informative thanks for sharing.

    natural supplements - 22nd May 2012 11:55 - #

  52. Wonderful site and I wanted to post a note to let you know, ""Good job""! I’m glad I found this blog. Brilliant and wonderful job ! Your blog site has presented me most of the strategies which I like. Thanks for sharing this.
    <a href="http://www.mycarepharmacy.com/">buy medicine</a>

    buy medicine - 22nd May 2012 16:27 - #

  53. The positive comments and do well wishes are very motivational and greatly appreciated.

    buy medicine - 22nd May 2012 16:28 - #

  54. nice to share my love is wonderful to tell you that a healthy green gives you the best Organic vitamins, herbal remedies and organic supplements.

    buy xanax online - 22nd May 2012 16:57 - #

  55. Amazing!I also wish him good luck to defend his gold medal. I like to share it with all my friends and hope they will also encourage him. http://www.ictmentors.com/

    cost effective Google organic SEO - 25th May 2012 18:56 - #

Sign in with OpenID

Auto-HTML: Line breaks are preserved; URLs will be converted in to links.

Manual XHTML: Enter your own, valid XHTML. Allowed tags are a, p, blockquote, ul, ol, li, dl, dt, dd, em, strong, dfn, code, q, samp, kbd, var, cite, abbr, acronym, sub, sup, br, pre

A django site