submitted 1 year ago* (last edited 1 month ago) by Jakylla@sh.itjust.works to c/xkcd@lemmy.world

Title text: My password is just every Unicode codepoint concatenated into a single UTF-8 string.


Transcript

[Cueball carries an open laptop over to Ponytail, holding it in both hands. The screen shows a box filling the screen with some text on lines. Ponytail is sitting in an office chair with her laptop at her desk. She has turned her head away from the computer looking at Cueball's screen.]

Cueball: Can you help me with my account?
Ponytail: Oh no.

[Cueball holds his laptop up in front of Ponytail who has turned the chair so she faces him, with her hands in her lap. Her table is not drawn.]

Cueball: No no, I promise it's a normal problem this time.
Ponytail: Okay. Fine. What is it?

[Cueball holds both hands out palm up towards Ponytail who is sitting with his laptop in her lap typing on it.]

Cueball: I included a null string terminator as part of my password, and now I can't-
Ponytail: How?!
Cueball: They said to use special characters!


[-] metaStatic@kbin.social 41 points 1 year ago

CorrectHorseBatteryStaple')DROP TABLE users;--

[-] nottheengineer@feddit.de 14 points 1 year ago
[-] sanguinepar@lemmy.world 8 points 1 year ago

Little Bobby Tables!

[-] Felix_Bardner@pawb.social 10 points 1 year ago

And that's why we sanitize our inputs

[-] toothpaste_sandwich@feddit.nl 17 points 1 year ago

Ooo the transcript in a little menu is a nice touch. Lemmy startin' ta get slick.

[-] cokane_88@lemmy.world 7 points 1 year ago

Like this? This wouldn't take spaces or periods

[-] Jakylla@sh.itjust.works 6 points 1 year ago

"This wouldn’t take spaces or periods" ... and doesn't know itself

= Potential security flaw discovered

[-] palordrolap@kbin.social 6 points 1 year ago

Heh. I remember at one place, my password wasn't liked very much by the account creation script the sysadmin wrote. The password started with a dollar sign and I think that was being inadvertently parsed as a $variable somewhere.

Thinking about it, I have to wonder what would have happened if the password started and ended with backticks. Bobby Tables moment?

(The thought also occurs now that he might have been siphoning off the passwords or something, but even though some of my generation (and more so previous generations) are known for using the same password for everything, this was in the days before the Web really took off, so most people would have only had one place where they used a password: that system.

The system wasn't encrypted, and being the sysadmin, he had access to everything and to change passwords anyway, so keeping plaintext passwords would have been a pointless endeavour.)
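
The failure mode described in the comment above, as an added example that is not part of the thread: a password is re-parsed by the shell when a script splices it into a string that gets evaluated again, and is left intact when it is only ever handled as quoted data. The function names, the `tmpdir` variable and the sample passwords are constructed for illustration.

```shell
#!/bin/sh
# Hypothetical account-creation helpers (names are assumptions, not from the thread).

# A variable the script happens to use internally.
tmpdir=/tmp/acct

# Fragile: the password is pasted into shell source text and parsed a second
# time, so $name and `cmd` inside the password are expanded by the shell.
store_fragile() {
    eval "stored=\"$1\""
    printf '%s' "$stored"
}

# Safe: the password is assigned and passed as quoted data only; the shell
# never re-parses its contents.
store_safe() {
    stored=$1
    printf '%s' "$stored"
}

# Round-trip check: succeeds only if the stored value equals the typed one.
roundtrips() {
    [ "$("$1" "$2")" = "$2" ]
}

# Constructed sample passwords: a leading dollar sign, backticks, and a plain one.
for pw in '$tmpdir-2023' '`echo x`' 'plain-Pa55'; do
    for fn in store_fragile store_safe; do
        if roundtrips "$fn" "$pw"; then verdict=intact; else verdict=ALTERED; fi
        printf '%-14s %-14s %s\n' "$fn" "$pw" "$verdict"
    done
done
```

A round-trip test like `roundtrips` with metacharacter-heavy inputs is a cheap regression check for any script that touches credentials.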

[-] Jakylla@sh.itjust.works 9 points 1 year ago

Password: $(sudo rm -rf /*)

[-] gravistar@lemmy.world 2 points 1 year ago
this post was submitted on 04 Aug 2023