• koper@feddit.nl
    arrow-up
    1
    ·
    1 month ago

    Why the password.trim()? Silently removing parts of the password can lead to dangerous bugs and tells me the developer didn’t properly consider how to sanitize input.

    I remember once my password for a particular organization had a space at the end. I could log in to all LDAP-connected applications, except for one that would insist my password was wrong. A trim() or similar was likely the culprit.

    • spechter@lemmy.ml
      arrow-up
      1
      ·
      1 month ago

      Another favorite of mine is truncating the password to a certain length w/o informing the user.

      • NotationalSymmetry@ani.social
        arrow-up
        1
        ·
        1 month ago

        Saving the password truncates but validation doesn’t. So it just fails every time you try to log in with no explanation. The number of times I have seen this in a production website is too damn high.

      • Flipper@feddit.org
        arrow-up
        1
        ·
        1 month ago

        The password needs to be 8 letters long and may only contain the alphabet. Also we don’t tell you this requirement or tell you that setting the password went wrong. We just lock you out.