Well, the Bank of America online banking website just earned my ire in this realm.
I'm trying to reset my password to use an algorithm that I've developed for myself. My algorithm generates very secure passwords that are easy for me to remember, and different for each place I use it, using letters, numbers, and symbols. Well, the online banking site has some specific rules for creating passwords:
- It cannot contain the special characters $ < > & ^ ! [ ]
Now, these are probably metacharacters for whatever language is running the site on the back end. The problem is that, from what I can assess, they don't FRAKING QUOTE the password that you supply them, which would prevent whatever language they're using on the back end from interpreting the symbols as metacharacters. Either that, or they don't trust the front end (the part we enter our username and password into) to pass the symbols to the back end properly, which should also be solved by quoting the string.
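The point above, as an added example that is not part of the original post and says nothing about what the bank's real back end does: the forbidden list is exactly the set of shell metacharacters, so the code below assumes a hypothetical back-end step that hands the submitted password to a shell (`sh -c`). The naive version splices the raw string into the command line and the shell interprets it; the two fixed versions, one using `shlex.quote` and one passing the password as a positional argument outside the command string, return it byte for byte with every forbidden character present. The sample password and the helper names are constructed for the demonstration.

```python
"""Added example: forbidding '$ < > & ^ ! [ ]' versus quoting them.

The back end modelled here is an assumption: a hypothetical step that
runs the password through `sh -c`. Nothing here describes the bank's
actual implementation.
"""
import shlex
import subprocess

# The characters the banking site refuses (taken from the post).
FORBIDDEN = set("$<>&^![]")

# Constructed sample password containing every forbidden character.
SAMPLE_PASSWORD = "Pa$$w0rd!<x>&[y]^z"

# Constructed sample for the deliberately broken path. It omits '<', '>'
# and '&' because, unquoted, those would make the shell open or create
# files in the working directory, which is exactly the side effect
# quoting prevents; '$', '!', '[', ']' and '^' are enough to show the
# mangling ($$ becomes the shell's PID, [x] is a glob pattern).
DEMO_PASSWORD = "Pa$$w0rd![x]^"


def forbidden_chars_in(password: str) -> list[str]:
    """Return the sorted list of site-forbidden characters present."""
    return sorted(FORBIDDEN & set(password))


def _sh(argv: list[str]) -> str:
    """Run argv and return its stdout (stderr is left to the terminal)."""
    proc = subprocess.run(argv, capture_output=True, text=True)
    return proc.stdout


def run_unquoted(password: str) -> str:
    """Broken: the raw password is spliced into the command string, so
    sh parses its metacharacters instead of treating it as data."""
    return _sh(["sh", "-c", "printf '%s' " + password])


def run_quoted(password: str) -> str:
    """Fixed (1): shlex.quote wraps the value in single quotes and escapes
    any embedded quote, so sh sees one literal word."""
    return _sh(["sh", "-c", "printf '%s' " + shlex.quote(password)])


def run_argv(password: str) -> str:
    """Fixed (2): keep the password out of the command string entirely and
    pass it as a positional parameter; "$1" is never re-parsed."""
    return _sh(["sh", "-c", 'printf %s "$1"', "sh", password])


if __name__ == "__main__":
    print("forbidden chars present:", forbidden_chars_in(SAMPLE_PASSWORD))
    print("unquoted :", repr(run_unquoted(DEMO_PASSWORD)))
    print("quoted   :", repr(run_quoted(SAMPLE_PASSWORD)))
    print("argv     :", repr(run_argv(SAMPLE_PASSWORD)))
```

The second fix is the one to prefer: a value that never enters the command string cannot be mis-parsed no matter which characters it contains, which is why a character blacklist is a symptom of the bug rather than a cure for it. The same shape applies to SQL (bind parameters instead of string building) and to any other interpreter the value reaches.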
Now, unless someone from Bank of America calls me on this, I'm going to assume that someone on the web development team is a moron and didn't do enough homework when he or she got that Computer Engineering degree.
I'm not studied in this field, but I know enough to talk to professionals about this on a reasonably intelligent level, having done web development in Perl. If anyone can give me a reasonable explanation, I will post it here and issue an apology if needed.