Your password must also not contain the following character combinations: script, select, insert, update, delete, drop, --, ', /, /.

A Basil Plant@lemmy.world · 5 months ago

ArbitraryValue@sh.itjust.works · 5 months ago

How to say you’re vulnerable to code injection without saying you’re vulnerable to code injection.

tryptaminev 🇵🇸 🇺🇦 🇪🇺@feddit.de · edit-2 5 months ago

Are they vulnerable though, if they already exclude it at the user input?

I yet have to learn SQL and is there a way to allow passwords with '); DROP TABLE… without being vulnerable to an injection?

nevermind i googled it, and there various ways to do so

zqwzzle@lemmy.ca · 5 months ago

So they’re not hashing or salting the passwords too. Cool…

lobut@lemmy.ca · 5 months ago

Looking at that I wouldn’t be surprised if those rules are just client-side validation.

Your password must also not contain the following character combinations: script, select, insert, update, delete, drop, --, ', /*, */.