Rank: Super forum user
I have just tried to help IOSH and complete the IOSH survey that is popping up as I access this site but had trouble completing it as my hobbies and some other personal areas are being treated as security risks?
Anybody got any ideas or answers?
Rank: Administration
Hi Bob, thanks for your comment here.
The fields in this form have an extra layer of security behind them. Even though all submissions are anonymous, it nevertheless seems a sensible precaution in light of the recent events in the forums.
If you avoid the characters &, < and > in your field input, you should find that the form will submit without the security warnings. I've also added some inline guidance to the form page.
I hope that helps, any further issues please don't hesitate to send me a private message.
Many thanks,
Jon Barratt
Web Team
Rank: Super forum user
Jon, that seems to me to be a glaring example of the "system" needs being put before those of real people. How can you possibly expect a good and representative response from the users of the site if such barriers are put in the way of our willingness to give our thoughts and time?
We are all asked to contribute to surveys with monotonous regularity on a variety of topics and with various motivations to complete them. Being rejected for using an ampersand is pretty poor.
Rank: Forum user
I had the same problem on Monday with the security, thought it was my Mac so I'm pleased you've cleared that one up :)
Rank: Administration
Dear David,
Very often it's possible to 'trick' an application into doing something unintended by inserting special characters into input data. Sometimes these can be white space, backslashes, or single and double quotes. In this particular case, ampersands, less-than and greater-than signs are to be avoided.
Forms used in secure environments, such as online banking for example, will dynamically replace certain characters with HTML entities, e.g.:
& becomes &amp;
< becomes &lt;
> becomes &gt;
" becomes &quot;
For a simple, anonymous survey form however, rather than go to great time and expense with input sanitisation, it's common practice, and indeed best practice, to simply disallow 'risky' characters on the front end.
I hope you'll understand that we're not taking steps like these to create barriers, but it's small measures like this that can go a long way to keeping systems secure and functional.
Kind regards,
Jon
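The two approaches Jon contrasts, as an added example (not the forum software's or IOSH's code): a front-end blocklist on `&`, `<` and `>` beside HTML-entity escaping applied at the point the value is written into a page. The sample answers are constructed, one borrowed from this thread.

```javascript
// Added example, not code from the IOSH site. Compares a character blocklist
// with escaping the stored value when it is rendered into HTML.

// Approach 1: reject any input containing the "risky" characters.
// This is what the survey form did; it also rejects legitimate text.
const BLOCKED = /[&<>]/;

function blocklistAccepts(value) {
  return !BLOCKED.test(value);
}

// Approach 2: accept any text, store it verbatim, and escape it when it is
// rendered. The mapping is the one Jon lists, plus &#39; for the single
// quote so the value is also safe inside a quoted HTML attribute.
const ENTITY = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITY[ch]);
}

// Renders one stored survey answer into a results-page fragment. Escaping
// happens here, once, rather than on input: escaping a stored value a second
// time would turn "&" into "&amp;amp;" and corrupt the displayed text.
function renderAnswer(label, value) {
  return `<li><b>${escapeHtml(label)}:</b> ${escapeHtml(value)}</li>`;
}

// Constructed sample answers: a real-looking job title from the thread, a
// hobby field with an ampersand, and a value containing markup.
const SAMPLES = [
  'H&S manager',
  'Hobbies: fishing & walking',
  '<b>bold</b> is only text once escaped',
];

// Shows, per sample, what the blocklist does and what escaping renders.
function demo() {
  return SAMPLES.map((v) => ({
    input: v,
    blocklist: blocklistAccepts(v) ? 'accepted' : 'rejected',
    rendered: renderAnswer('Job title', v),
  }));
}

for (const row of demo()) console.log(row);
```

Every sample is rejected by the blocklist, while the escaped rendering keeps the text readable and turns the markup sample into inert characters.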
Rank: Super forum user
It told me writing H&S manager as my job title was a security risk.
I decided if they could not be bothered to beta test it before release I couldn't be bothered to respond.
I do wonder if anyone actually feels embarrassed about this?
Rank: Super forum user
Jon Barratt wrote: Dear David,
Very often it's possible to 'trick' an application into doing something unintended by inserting special characters into input data. Sometimes these can be white space, backslashes, or single and double quotes. In this particular case, ampersands, less-than and greater-than signs are to be avoided.
Forms used in secure environments, such as online banking for example, will dynamically replace certain characters with HTML entities, e.g.:
& becomes &amp;
< becomes &lt;
> becomes &gt;
" becomes &quot;
For a simple, anonymous survey form however, rather than go to great time and expense with input sanitisation, it's common practice, and indeed best practice, to simply disallow 'risky' characters on the front end.
I hope you'll understand that we're not taking steps like these to create barriers, but it's small measures like this that can go a long way to keeping systems secure and functional.
Kind regards,
Jon
You are trying to defend the undefendable.