After Matt, a user, enters his username and password at the login screen of a web enabled
portal, the following appears on his screen:
`Please only use letters and numbers on these fields’
Which of the following is this an example of?
A.
Proper error handling
B.
Proper input validation
C.
Improper input validation
D.
Improper error handling
I am not certain about the definitions of “proper” and “improper input validation”. BUT, display an error message that give a hint as what the use typed in as a password is a bad thing.
What if it went one step further, for example, “The password you typed contains a dash, passwords on this site cannot contain a dash”.
Its giving a shoulder surfer a clue at a password you use (maybe not for this website, but another login).
So I would say its not “proper”, it should simply say “invalid password”.
But of course the question does not say if it validate the username field or password field.
…My 2 cents…
0
0
It sounds like it might be client side. Client side validation is not sufficient alone. In short, not enough to decide whether it is good or bad input validation.
Also, restrictions like this on passwords would be a bad thing, and probably not desirable UX for the username, either.
Quite a few of these questions are less than satisfactory.
0
0