.(lemmy.world)

posted 1 year ago

A Basil Plant@lemmy.world

cybersecuritymemes@lemmy.world

59 commentshide report

Sort:

Hot Top Controversial New Old

You are viewing a single thread.

View all comments

[ - ]

zqwzzle@lemmy.ca

51 points

1 year ago

So they’re not hashing or salting the passwords too. Cool…

permalink

report

[ - ]

CrayonRosary@lemmy.world

1 point

1 year ago

That’s not how it works. The code always has access to the submitted plaintext password. It’s salted and hashed after it’s verified for complexity. The complexity verification can even be done in JavaScript.

permalink

report

parent

[ - ]

Rednax@lemmy.world

9 points

1 year ago

Which makes me want to try and insert a password of a few megabytes worth of text. Should be fine, since there is no max lenght defined, right?

permalink

report

parent

[ - ]

lars@lemmy.sdf.org

4 points

1 year ago

If there is no overwrought prohibition of something I know that at least in America that means it’s

Affirmatively legal and
Legislatively encouraged by the FREEE Act

So give ’em hell!

permalink

report

parent

[ - ]

Semi-Hemi-Demigod@kbin.social

17 points

1 year ago

They might be doing it in the DB query, but they’re definitely not sanitized beforehand.

permalink

report

parent

[ - ]

CrayonRosary@lemmy.world

2 points

1 year ago

Sanitization has nothing to do with salting and hashing.

permalink

report

parent

[ - ]

Semi-Hemi-Demigod@kbin.social

2 points

1 year ago

If you do the salting and hashing in a database query you need to sanitize the input before you use it or you open yourself to SQL injection.

Databases have salting and hashing functions, after all

permalink

report

parent

Cybersecurity - Memes

!cybersecuritymemes@lemmy.world

Create post

Only the hottest memes in Cybersecurity

Community stats

452
Monthly active users
87
Posts
1.2K
Comments

Community stats

Community moderators