XML.org: OASIS Mailing List Archives

Re: [xml-dev] It is okay for things to break in the future!

Even today, my primary bank’s online “pay anyone” payment form will not allow me to paste in a payment amount or a destination account number that contains anything other than numbers and (for amounts) a decimal point. So I can’t copy and paste a number like “$1,234.50”, nor an account number like 636-326 0012 4312, and have the form strip out the characters it doesn’t accept; instead, I have to type them in by hand, and risk transferring the wrong amount to the wrong account number, every time.

Every time I make a payment I think of how the designers avoided one problem (invalid data) and by doing so in a primitive, simplistic fashion created another, more insidious one (valid but incorrect data). It’s actually pretty symptomatic of my bank’s traditionally primitive use of technology (they’re otherwise a very good bank :)




> On 4 Sep 2022, at 12:30 pm, Liam R. E. Quin <liam@fromoldbooks.org> wrote:
> 
> On Sat, 2022-09-03 at 16:26 -0600, C. M. Sperberg-McQueen wrote:
>> a data validation routine that expects a house number followed by a
>> street name is going to be worse than useless.)
> 
> In the 1990s/2000s I had a friend whose telephone number in the UK was
> "Prickwillow 23". You had to call the operator to get connected. But
> good luck getting forms to accept it.
> 
> Around the same time I tried to book a flight on Continental Airlines;
> their Web site said that my Canadian postal code was "not a valid zip
> code" and "a postal code cannot contain an M". (yes, yes, they can).
> 
> I ended up calling Continental on their 8900 number, spending maybe an
> hour on the 'phone, and they managed to find an old-fashioned "swipe"
> VISA machine and wrote my credit card number in on it by hand, because
> they couldn't get the system to work either.
> 
> I wrote to their support, who said, "Make sure you're on the page for
> Canada" and sent me a Microsoft Word file containing an embedded
> screenshot. I replied to say, "I _was_ on the Canada page, please
> forward to next level support!"
> 
> A month or so later I got a response to say they'd fixed the problem -
> but in the meantime of course, no-one in Canada could book tickets on
> Continental Airlines' Web site.
> 
> There's a tradeoff between rejecting garbage input and accepting real
> data. Cf. Little Bobby Tables. But the same inept programming that gave
> us SQL injection vulnerabilities also gave us CDATA injection
> vulnerabilities and forms that enforce bad constraints.
> 
> liam
> 
> 
> 
> -- 
> Liam Quin, https://www.delightfulcomputing.com/
> Available for XML/Document/Information Architecture/XSLT/
> XSL/XQuery/Web/Text Processing/A11Y training, work & consulting.
> Barefoot Web-slave, antique illustrations:  http://www.fromoldbooks.org


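The paste handling the message above asks for, as an added example that is not part of the original post or any bank's code: strip only known formatting characters, then validate the canonical form strictly, so unexpected input is rejected rather than silently altered. The function names, the two-decimal amount rule and the 14-digit account length (taken from the sample value) are assumptions.

```javascript
// Added example: canonicalize pasted text, then validate the result strictly.
// Field rules (two-decimal amounts, 14-digit accounts) are assumptions.

function normalizeAmount(raw) {
  // A single leading currency sign is formatting, not data.
  let text = String(raw).trim().replace(/^\$\s*/, "");
  if (text.includes(",")) {
    // Commas are accepted only as thousands separators, so "1.234,50" is
    // rejected instead of being read as a different amount.
    if (!/^\d{1,3}(,\d{3})+(\.\d{1,2})?$/.test(text)) {
      return { ok: false, reason: "ambiguous separators" };
    }
    text = text.replace(/,/g, "");
  }
  if (!/^\d+(\.\d{1,2})?$/.test(text)) {
    return { ok: false, reason: "not a decimal amount" };
  }
  return { ok: true, value: text };
}

function normalizeAccount(raw, length = 14) {
  // Spaces and hyphens are grouping aids; remove them and nothing else.
  const canonical = String(raw).trim().replace(/[\s-]/g, "");
  // Any other leftover character is rejected, never dropped: dropping it
  // could turn a typo into a valid number for the wrong account.
  if (!/^\d+$/.test(canonical) || canonical.length !== length) {
    return { ok: false, reason: "not a " + length + "-digit account number" };
  }
  return { ok: true, value: canonical };
}

// Browser wiring (hypothetical helper): put the canonical form in the field,
// or leave the field unchanged and report why the paste was refused.
function attachPasteNormalizer(input, normalize, onReject) {
  input.addEventListener("paste", (event) => {
    event.preventDefault();
    const result = normalize(event.clipboardData.getData("text"));
    if (result.ok) input.value = result.value;
    else onReject(result.reason);
  });
}
```

The server still has to apply the same strict check to the submitted value, since client-side normalization is a convenience and not a control.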


Copyright 1993-2007 XML.org. This site is hosted by OASIS