this post was submitted on 24 Jan 2024
378 points (98.5% liked)

Cybersecurity - Memes

1940 readers
1 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago
MODERATORS
Sam1232188@lemmy.world
neurohost@lemmy.world
Alphadef@programming.dev
CannaVet@lemmy.world
378
Your password must also not contain the following character combinations: script, select, insert, update, delete, drop, --, ', /*, */. (lemmy.world)
submitted 8 months ago by ABasilPlant@lemmy.world to c/cybersecuritymemes@lemmy.world
40 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] zqwzzle@lemmy.ca 52 points 8 months ago (2 children)

So they’re not hashing or salting the passwords too. Cool…

[–] Rednax@lemmy.world 9 points 8 months ago (1 children)

Which makes me want to try and insert a password of a few megabytes worth of text. Should be fine, since there is no max lenght defined, right?

[–] lars@lemmy.sdf.org 4 points 8 months ago

If there is no overwrought prohibition of something I know that at least in America that means it’s

  1. Affirmatively legal and
  2. Legislatively encouraged by the FREEE Act

So give ’em hell!

[–] CrayonRosary@lemmy.world 1 points 8 months ago* (last edited 8 months ago)

That's not how it works. The code always has access to the submitted plaintext password. It's salted and hashed after it's verified for complexity. The complexity verification can even be done in JavaScript.