I was going to earn my credit with the supervisor for my quite advanced graphics program at a SunOS / Solaris with instant messaging enabled where with zephyr.vars or whatever it was called you could make an image appear on your listed friend's screen like if you alowed me I could just send you an image that appeared on your display. While I was demoing the program I had written so that the supervisor could give me credit for it, one of my friends sitting close or in the next room made the photo big-mama.xxx appear on my screen. There was never any discussion or penalty because of the incident and I got credit for the project that for ½ second seemed like it was programmed to display big-mama.xxx instead of solving the problem. (Earlier) I updated perl scripts and waited for sysadmin to reflect the changes to ouside the FW. Then the database was gone and it was not a bug it was a feature since the data was stored with the source and therefore updating the source blanked the persistence.

物理访问或模拟登录提示或登录屏幕是另外两种困难的情况，不需要过多的算法技术，很容易理解物理访问提供了许多可能性，模拟登录提示是您可以在许多不同类型的计算机和环境上进行的事情。

在我以前工作的店里有个不错的。通往非公共区域的门有小键盘，所以你必须输入pin码才能进入。然而，你只需按#，门就会打开，这是我们喜欢的事实，因为按#比按6位pin码容易得多。

在这里根据记忆来解释，但它很接近……

<form action="secretpage.html" id="authentication"          
      onsubmit="return document.forms.authentication.password.value == 's3cr3t'">
    Enter password: <input type="password" name="password"><br>
    <input type="submit" name="Login" >
</form>

我认识的一个家伙用这个来保护他网站的“私人区域”。起初，他不愿意相信我，甚至他的浏览器都有这个不可靠的“查看源代码”功能。

在我以前的学校，他们把用户密码以明文形式存储在cookie中。

这本身就很可怕，但更糟糕的是，他们把它们储存在饼干里供*.大学。当然，现在所有学生和员工的页面都在university.edu.au/~user这样的网站上。

<?php

var_dump($_COOKIE); // oops.

我之前至少有一个同事可能符合这个条件。

在密码数据输入元素中没有控制逻辑操作符(OR)。通过使用它，每个人都可以很容易地通过其他的条件。对于，select查询将像这样:

select *
from TheTable
where UserName=@id And Password=@pass OR 1=1