Password requirements are getting ridiculous

boykster:

--- Quote from: Samstag on September 19, 2008, 01:25:28 pm ---
--- Quote from: RayB on September 19, 2008, 12:56:53 pm ---
Requiring use of symbols is pretty ridiculous. Most properly programmed web sites and applications should refuse to accept any symbols, and strip them out of all text entry fields to prevent what's called "SQL injections". Seems quite stupid to allow ? < > & etc which are all reserved characters in PHP, HTML, and even file OS's


--- End quote ---

Any system that stores the password text you entered in a database deserves to be "injected".

--- End quote ---

Totally agree; at the very least passwords should be stored as a simple hash. Salted hash is better, strongly encrypted would be best. And heck, anybody that uses dynamic SQL anymore is wide open for a SQL injection attack. That's easily solved by either using stored procedures with parameters, or parameterized SQL. Either of those will defend against SQL injection.
