51 points

So they’re not hashing or salting the passwords too. Cool…

17 points

They might be doing it in the DB query, but they’re definitely not sanitized beforehand.

2 points

Sanitization has nothing to do with salting and hashing.

2 points

If you do the salting and hashing in a database query you need to sanitize the input before you use it or you open yourself to SQL injection.

Databases have salting and hashing functions, after all.

9 points

Which makes me want to try and insert a password of a few megabytes worth of text. Should be fine, since there is no max length defined, right?

4 points

If there is no overwrought prohibition of something I know that at least in America that means it’s

  1. Affirmatively legal and
  2. Legislatively encouraged by the FREEE Act

So give ’em hell!

1 point

That’s not how it works. The code always has access to the submitted plaintext password. It’s salted and hashed after it’s verified for complexity. The complexity verification can even be done in JavaScript.

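The points debated in this thread, put side by side as an added example that is not part of any comment: hashing inside a string-built query versus hashing in application code with bound parameters, plus a length cap applied before hashing. The table layout, the function names, the `db_hash` stand-in for a database hashing function, the 1024-byte cap and the choice of PBKDF2-HMAC-SHA256 with 600,000 rounds are all assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import sqlite3

MAX_PASSWORD_BYTES = 1024  # assumed cap: rejects multi-megabyte input before any hashing work
PBKDF2_ROUNDS = 600_000    # assumed work factor for this sketch

def hash_password(password, salt):
    """Salt and hash a password; the length check runs first so oversized input costs nothing."""
    raw = password.encode("utf-8")
    if not 0 < len(raw) <= MAX_PASSWORD_BYTES:
        raise ValueError("password length out of range")
    return hashlib.pbkdf2_hmac("sha256", raw, salt, PBKDF2_ROUNDS)

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    # Hypothetical stand-in for a database-side hashing function
    db.create_function("db_hash", 2, hash_password)
    return db

def register_unsafe(db, name, password):
    # 'Before': hashing happens in the query, but the values are pasted into the SQL text,
    # so any quote character in the password changes the statement itself.
    salt = os.urandom(16).hex()
    db.execute(f"INSERT INTO users VALUES ('{name}', x'{salt}', db_hash('{password}', x'{salt}'))")

def register(db, name, password):
    # 'After': hash in application code and pass every value as a bound parameter.
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (name, salt, hash_password(password, salt)))

def verify(db, name, password):
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?", (name,)).fetchone()
    if row is None:
        return False
    try:
        candidate = hash_password(password, row[0])
    except ValueError:  # empty or oversized input can never match a stored hash
        return False
    return hmac.compare_digest(candidate, row[1])

if __name__ == "__main__":
    db = open_db()
    register(db, "alice", "it's a pass phrase")  # constructed sample input
    print(verify(db, "alice", "it's a pass phrase"), verify(db, "alice", "wrong"))
```

With bound parameters the password may contain any character, so no character needs to be forbidden or stripped; the only input rule left is the length cap.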

Cybersecurity - Memes

!cybersecuritymemes@lemmy.world


Only the hottest memes in Cybersecurity
