Your password must also not contain the following character combinations: script, select, insert, update, delete, drop, --, ', /, /.

A Basil Plant · 1 year ago

Your password must also not contain the following character combinations: script, select, insert, update, delete, drop, --, ', /, /.

@zqwzzle@lemmy.ca · 1 year ago

So they’re not hashing or salting the passwords too. Cool…

Semi-Hemi-Demigod · 1 year ago

They might be doing it in the DB query, but they’re definitely not sanitized beforehand.

@CrayonRosary@lemmy.world · 1 year ago

Sanitization has nothing to do with salting and hashing.

Semi-Hemi-Demigod · 1 year ago

If you do the salting and hashing in a database query you need to sanitize the input before you use it or you open yourself to SQL injection.

Databases have salting and hashing functions, after all

@Rednax@lemmy.world · 1 year ago

Which makes me want to try and insert a password of a few megabytes worth of text. Should be fine, since there is no max lenght defined, right?

@CrayonRosary@lemmy.world · edit-2 1 year ago

That’s not how it works. The code always has access to the submitted plaintext password. It’s salted and hashed after it’s verified for complexity. The complexity verification can even be done in JavaScript.

Your password must also not contain the following character combinations: script, select, insert, update, delete, drop, --, ', /*, */.

Your password must also not contain the following character combinations: script, select, insert, update, delete, drop, --, ', /*, */.

Your password must also not contain the following character combinations: script, select, insert, update, delete, drop, --, ', /, /.

Your password must also not contain the following character combinations: script, select, insert, update, delete, drop, --, ', /, /.