Technology

59080 readers

4277 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

founded 1 year ago

MODERATORS

303

submitted 1 year ago by Salamendacious@lemmy.world to c/technology@lemmy.world

276 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[+] viking@infosec.pub -5 points 1 year ago (3 children)

[deleted]

[–] Username@feddit.de 10 points 1 year ago

That's not how any of this works.

First of all, stripping passwords is never okay. You can reject the password and let the user choose a new one, but never just modify it on your own.

Then, if your system is at risk of code injection by certain characters in user input, please just shut it down and never turn it on again.

[–] ricecake@sh.itjust.works 6 points 1 year ago (1 children)

Doing that is actually a great way to tell attackers that you're vulnerable to that type of attack.

Bypassing those front end restrictions is super easy, and the attackers don't need an account or a password to attack you.

It's like putting a sign that says "lock fragile; don't tug" on the door to your business.

[–] Dark_Arc@social.packetloss.gg 1 points 1 year ago

It's like putting a sign that says "lock fragile; don't tug" on the door to your business.

That one made me chuckle, it really do be like that 😂

[–] Honytawk@lemmy.zip 3 points 1 year ago

Learn how to sanitise your database inputs first, damnit!