384

Your password must also not contain the following character combinations: script, select, insert, update, delete, drop, --, ', /*, */. (lemmy.world)

submitted 6 months ago by ABasilPlant@lemmy.world to c/cybersecuritymemes@lemmy.world

59 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] pirrrrrrrr@lemmy.dbzer0.com 8 points 6 months ago

Maybe they filtered those strings to be safe, and put the notice there to answer the invertible "why won't it accept my password" queries.

It's a shitty password engine. But not necessarily uncleansed

[-] ArbitraryValue@sh.itjust.works 5 points 6 months ago* (last edited 6 months ago)

If they're trying to protect themselves from code injection by rejecting certain user input like that, then they don't actually know how to protect themselves from code injection correctly and there may be serious vulnerabilities that they've missed.

(I think it's likely that, as others have said, they're using off-the-shelf software that does properly sanitize user input, and that this is just the unnecessary result of management making ridiculous demands. Even then, it's evidence of an organization that doesn't have the right approach to security.)

[-] OneWomanCreamTeam@sh.itjust.works 2 points 6 months ago

I don't know, maybe they saw that classic XKCD comic and now they're thinking "hahah, I'm wise to your tricks, ya little shit"

this post was submitted on 24 Jan 2024

384 points (98.5% liked)

Cybersecurity - Memes

1668 readers

495 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago

MODERATORS

Sam1232188@lemmy.world

neurohost@lemmy.world

Sam1232188@lemmy.fmhy.ml

Alphadef@programming.dev

CannaVet@lemmy.world