Cybersecurity - Memes

1876 readers

201 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago

MODERATORS

[email protected]

387

Your password must also not contain the following character combinations: script, select, insert, update, delete, drop, --, ', /*, */. (lemmy.world)

submitted 7 months ago by [email protected] to c/[email protected]

59 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 52 points 7 months ago (3 children)

So they’re not hashing or salting the passwords too. Cool…

[–] [email protected] 17 points 7 months ago (1 children)

They might be doing it in the DB query, but they’re definitely not sanitized beforehand.

[–] [email protected] 2 points 7 months ago (1 children)

Sanitization has nothing to do with salting and hashing.

[–] [email protected] 2 points 7 months ago

If you do the salting and hashing in a database query you need to sanitize the input before you use it or you open yourself to SQL injection.

Databases have salting and hashing functions, after all

[–] [email protected] 9 points 7 months ago (1 children)

Which makes me want to try and insert a password of a few megabytes worth of text. Should be fine, since there is no max lenght defined, right?

[–] [email protected] 4 points 7 months ago

If there is no overwrought prohibition of something I know that at least in America that means it’s

Affirmatively legal and
Legislatively encouraged by the FREEE Act

So give ’em hell!

[–] [email protected] 1 points 7 months ago* (last edited 7 months ago)

That's not how it works. The code always has access to the submitted plaintext password. It's salted and hashed after it's verified for complexity. The complexity verification can even be done in JavaScript.