Go Back   CodingForums.com > :: Server side development > Other server side languages/ issues > ColdFusion
Reload this Page Allowing Spaces in Username/Password

Before you post, read our: Rules & Posting Guidelines

Reply
 
Thread Tools Rate Thread
Enjoy an ad free experience by logging in. Not a member yet? Register.
Old 04-02-2010, 02:50 PM   PM User | #1
reddem0n
New to the CF scene

 
Join Date: Oct 2008
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
reddem0n is an unknown quantity at this point
Allowing Spaces in Username/Password
I'm on a coldfusion server and one of the biggest issues with login problems with clients is that, when they copy and paste login information down, they copy spaces with it too. Then a lot of time gets wasted trying to figure out why they can't login.

So I thought about allowing whitespace characters with login so this issue would be resolved once and for all. I checked some major sites and they do not accept it, but google seems to accept whitespace characters.

Does anyone see any security issue to this?

If not, how do you think I should code the TRIM value for the username/password in the form login, so that before the page hits the database to check for a match on the username/password, it would remove the whitespace characters the person would enter.

As far as what I need accomplished, basically the ability to accept spaces entered before or after the username and password.
reddem0n is offline   Reply With Quote
Old 04-03-2010, 06:07 PM   PM User | #2
Gjslick
Regular Coder

 
Join Date: Feb 2009
Location: NJ, USA
Posts: 476
Thanks: 2
Thanked 70 Times in 69 Posts
Gjslick will become famous soon enough
There's no real security issue that I know of with allowing white space in a username or password, as long as you have the proper code on the backend to avoid SQL injection attacks. That includes either calling a stored procedure to access the database, or using <cfqueryparam> tags in direct SQL (with <cfquery>).

I personally use trim() for usernames and passwords, both when they are creating them, and when they are using them. When copying from MS word, a web page, or some other programs, a little white space can automatically be copied as well. However, people won't realize this in a password field which just shows **********.

This is pretty much my query to check a username/password:
Code:
<cfquery name="checkUser" datasource="db">
    SELECT username, password FROM users
    WHERE 
        username = <cfqueryparam value="#trim( form.username )#" cfsqltype="CF_SQL_VARCHAR">
        AND password = <cfqueryparam value="#trim( form.password )#" cfsqltype="CF_SQL_VARCHAR">
</cfquery>
However if you do want to accept white space before and after, then just don't run trim() on the values that are provided to the database.

Hope that helps.

-Greg
Gjslick is offline   Reply With Quote
Reply

Bookmarks

Jump To Top of Thread


« Previous Thread | Next Thread »
Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +1. The time now is 01:38 PM.
Advertisement
Log in to turn off these ads.