For about a week now, the following announcement has been inserted into my bank's login page:
form0.v1.value = form0.v1.value.replace(/^0+/,'');I saved a local copy of the login form, made that change, entered a login ID with leading zeroes, and verified that I can successfully and zerolessly log in to my account.
It's crazy how often services require people to perform textual transformations that can trivially be accomplished by regular expressions. The classic example is the purchase form that fails because a card number's hyphens or spaces were intermixed with digits. Clue: the hyphens or spaces are aids to the human being who is trying to process 16 digits using a brain that's wired for shorter sequences. Punctuation is a feature, not a bug. It is trivial, in any programming language, to ignore it. And yet we continue to shift the processing burden from machines to people.
I used to think this happens because programmers on the front lines of data processing don't grok regular expressions well enough. That's evidently still true, but the real problem, I think, is that the people who use these systems don't trust their own instincts. They suspect it's bullshit, but they can't be sure.
Well, trust me, it is. There are many inhumane procedures that software systems must necessarily inflict on people, but stripping punctuation and leading zeroes are not among them.
Update: Here's an excellent comment received in email from someone identifying as Wanderley:
This is indeed an issue to blame on pointy-haired bosses, but their names are Sarbanes and Oxley.
Bruce Timberlake adds:
Why isn't the bank preventing your local page from working? Seems to me that a referrer check, session ID, or something should be required to prove that the form is even being submitted from their own server, rather than someplace else.Indeed. That occurred to me as well. Yet another way in which they are not inspiring confidence in this customer.
Former URL: http://weblog.infoworld.com/udell/2006/05/03.html#a1441