Hacker News new | past | comments | ask | show | jobs | submit login

It's only the same thing if you look from a very shallow angle. Stripping part of the user input to ensure it's entered by the person themselves is otherwise completely different from replacing user input with different data. One defends against a specific kind of attack, the other is a malicious attack.



**m **ad ** **rks **r **u **d **esn't **furiate **u. **r **curity, **ease **ll **e **ssing **aracters ** **ur **nvenience.


How often to you write random text into the IBAN field of your bank? Never, because it's an identification number? What a coincidence.

I mean, just think this two steps further. Hackers change input, and banks change input, so hackers == banks? But hackers also change what is displayed on the screen, and password fields change what is displayed on the screen, so hackers == password fields? Pressing my mouse button on the "reply" button changes what is displayed, so hackers == my mouse?


No, my premise is very straightforward. Do not modify the text during the copy and paste workflow. Copy and paste workflow is well defined and established concept by now. That bad actors are doing it doesn't mean you should. No point in exaggerating my premise and ridiculing me.


> No, my premise is very straightforward. Do not modify the text during the copy and paste workflow.

That's not the premise you stated earlier. That was: "Banks and hackers do the same thing by modifying the text during the copy and paste workflow", which completely ignores what kinds of modifications are happening.

> Copy and paste workflow is well defined and established concept by now. That bad actors are doing it doesn't mean you should.

See? You're doing it again. Banks are not doing what "bad actors are doing". Banks are doing something else.

> No point in exaggerating my premise and ridiculing me.

I am not exaggerating your premise and ridiculing you, I'm continuing your logic to show its' flawed premise. You stated that "banks and hackers are doing the same thing", and the reason it's the same is due to the literal operation being the same. Why can't I extend this logically to other operations that are the same? A password field changes what is displayed compared to my input, how is that different from a hacker changing what is displayed compared to my input?




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: