384
Your password must also not contain the following character combinations: script, select, insert, update, delete, drop, --, ', /*, */. (lemmy.world)
submitted 2 years ago by ABasilPlant@lemmy.world to c/cybersecuritymemes@lemmy.world
59 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[-] zqwzzle@lemmy.ca 51 points 2 years ago

So they’re not hashing or salting the passwords too. Cool…

[-] Semi-Hemi-Demigod@kbin.social 17 points 2 years ago

They might be doing it in the DB query, but they’re definitely not sanitized beforehand.

[-] CrayonRosary@lemmy.world 2 points 2 years ago

Sanitization has nothing to do with salting and hashing.

[-] Semi-Hemi-Demigod@kbin.social 2 points 2 years ago

If you do the salting and hashing in a database query you need to sanitize the input before you use it or you open yourself to SQL injection.

Databases have salting and hashing functions, after all

[-] Rednax@lemmy.world 9 points 2 years ago

Which makes me want to try and insert a password of a few megabytes worth of text. Should be fine, since there is no max lenght defined, right?

[-] lars@lemmy.sdf.org 4 points 2 years ago

If there is no overwrought prohibition of something I know that at least in America that means it’s

  1. Affirmatively legal and
  2. Legislatively encouraged by the FREEE Act

So give ’em hell!

[-] CrayonRosary@lemmy.world 1 points 2 years ago* (last edited 2 years ago)

That's not how it works. The code always has access to the submitted plaintext password. It's salted and hashed after it's verified for complexity. The complexity verification can even be done in JavaScript.

this post was submitted on 24 Jan 2024
384 points (98.2% liked)

Cybersecurity - Memes

3125 readers
1 users here now

Only the hottest memes in Cybersecurity

founded 2 years ago
MODERATORS
Sam1232188@lemmy.world
neurohost@lemmy.world
Sam1232188@lemmy.fmhy.ml
Alphadef@programming.dev
CannaVet@lemmy.world