Wednesday, November 11, 2009

A Usability Issue

You might have noticed while surfing some websites; there pops up a security warning from browser stating:

This page contains both secure and non-secure items; do you want to display the non-secure items?

Though internet savvy know the meaning of this warning well enough but this can turn into an annoying gesture for naïve internet users and I have experienced it with some of our customers.

The reason behind this warning message is improperly usage of contents at the page.
Whenever designers/developers use a graphic from non-secure site (i.e. a site that doesn't have SSL enabled) on a secure web page (i.e. a page that is build up using SSL enabled) this warning pops up so its a good practice to copy all your graphics/contents to a secure site before using them on secure pages.

This warning can be disabled in IE by going through Tools > Internet Options > Security > Custom Level > Miscellaneous > Display mixed content and change it to 'Enable' instead of 'Prompt'.

Tuesday, November 10, 2009

Oh No - Do I look like that old ??

The other day I created my account at a job recruitment website and got these details about myself from them :)
They treated me as a V.O.P. (Very Old Person) instead of V.I.P.

|-- Quality lies in the eyes of customer --|

Friday, November 6, 2009

Special Characters Introduce Special Bugs

Yesterday I was testing an application that demands its users to click on an activation link after creating a user ID and password to become a registered member of the website. All was going pretty well but suddenly it refused to activate a new member and displayed an error message of 'Activation link is invalid'.

I went through the link which consisted of an string at the end of URL that randomly generated for each user. This string sometimes made up of special characters too. After 15 minutes of brainstorming I got to know that (+) and (%) special characters were actually messing the process up. Whenever this randomize string contains these 2 characters, application was reluctant to activate the user successfully because:
  • (+) sign used to concatenate expressions in programming languages.
  • (%) sign used as a wildcard character in SQL and moreover if its immediately followed by a 2-digit hexadecimal character it denotes an octet specifying a character that might otherwise not be allowed in URLs.
And in my case randomize string was 'b%2C6np' and '%2C' is percent-encoding of comma (,) punctuation mark.
No doubt, it taught me a good lesson to learn.

|-- Quality lies in the eyes of customer --|