[racket] About security for an input password

From: scouic (scouic at gmail.com)
Date: Fri Oct 15 07:36:14 EDT 2010

Hi,
As you know, in other languages there are security failures with
passwords, for example typing 1OR1 with escaped ' " strings, etc.

I am trying to make an interactive blog, and all users can post comments on
each post, but only guys who know the password can create, update, delete
posts, etc.

In my code, I define an admin password (a string), for example with
(define admin-pass "foo")
Then, when I want to execute a protected action, like update posts, create,
delete, I have an input field named a-password, and I compare the two
passwords:
(if (equal? a-password admin-pass)
    (execute-my-code!)
    (printf "you cannot make this action without admin privilege"))

Is this pseudo code secure, or is it easy to "escape" the password
verification and add new posts, delete, etc., without admin privilege?

Thanks in advance,
-mw

Posted on the users mailing list.
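
The check from the message above, run against injection-style inputs, next to a variant that keeps only a digest of the password and compares it in constant time. This is an added example, not code from the original post; `original-check`, `hardened-check`, `ct-bytes=?` and the sample inputs are hypothetical names and constructed values, and `sha256-bytes` assumes Racket 7.0 or later.

```racket
#lang racket/base
;; Added example (not from the original post). Requires Racket >= 7.0 for
;; sha256-bytes in racket/base. All names below are hypothetical.

;; The check as posted: equal? compares the two strings character by
;; character. The submitted text is never read, parsed or evaluated as code,
;; so quotes and parentheses inside it have no special meaning.
(define admin-pass "foo")
(define (original-check a-password)
  (equal? a-password admin-pass))

;; Hardened variant: the source holds a digest instead of the plaintext.
;; A salted, deliberately slow password hash is preferable for real storage;
;; SHA-256 is used here only because it ships with racket/base.
(define admin-digest (sha256-bytes (string->bytes/utf-8 "foo")))

;; Compare two byte strings without stopping at the first differing byte,
;; so the response time does not reveal how many leading bytes matched.
(define (ct-bytes=? a b)
  (and (= (bytes-length a) (bytes-length b))
       (zero? (for/fold ([acc 0]) ([x (in-bytes a)] [y (in-bytes b)])
                (bitwise-ior acc (bitwise-xor x y))))))

;; Reject non-string form values, hash the submitted string, compare digests.
(define (hardened-check a-password)
  (and (string? a-password)
       (ct-bytes=? (sha256-bytes (string->bytes/utf-8 a-password))
                   admin-digest)))

;; Constructed inputs: the real password, then strings of the kind that break
;; checks built by pasting user input into a query or into code.
(define samples
  (list "foo"
        "1OR1"
        "' OR '1'='1"
        "\" OR \"\"=\""
        "foo\") (execute-my-code!)"
        ""
        "FOO"))

(for ([s (in-list samples)])
  (printf "~s  original: ~a  hardened: ~a\n"
          s
          (if (original-check s) "allowed" "denied")
          (if (hardened-check s) "allowed" "denied")))
```

Both checks allow only the exact string "foo". The comparison itself gives no way to bypass the check by escaping, because the input is only ever compared as data.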