Security: HTML password input

18 October 2014 at 19:06
So, with few exceptions, almost all passwords shouldn't have "any" limit on the size of them upward (= no maximum length). Riiiight? :)
(Since they aren't supposed to be stored in raw form anyway and most (if not all?) hashing algorithms accept any size of password and always return a unique constant-length string)

So why doesn't HTML prevent bad ideas from working? Like setting a maximum length on a password input… The way I see it, that would just not work and be reported in the console for debugging purposes.

For the things I called "exceptions", I was thinking about PIN codes, for instance. I could imagine letting HTML implement a new tag (or a new type of input tag) allowing a max length, but surely it would be abused though… Maybe those "PIN code" inputs should allow one fixed length of password (as expected from a PIN code anyway, and that would induce way less abuse too):

Finally, my browser (maybe some others too, mine is currently Palemoon, an implementation of Firefox) only prevents me from typing more characters when I reach the maximum allowed by max-length, …, it doesn't warn me, it does nothing but prevent… The problem is that, if it was plain text, I could notice it easily, but as it is a password input and my password is longer than the visible length of the field, then I have no fucking clue that what I'm currently typing is thrown away as I type it… -_-
So, some fucking warning would be appreciated at least!
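
The silent truncation described in the post above can be made visible to the user. As an added example (not part of the original post; the function names `maxLengthStatus` and `watchPasswordFields` are hypothetical), this script shows a hint next to any password field once its `maxlength` is reached:

```javascript
// Added example: surface a warning instead of silently discarding input.
// `field` is any object shaped like an HTMLInputElement (type, maxLength, value).
function maxLengthStatus(field) {
  // The DOM reports maxLength as -1 when no maxlength attribute is set.
  if (field.type !== 'password' || !(field.maxLength > 0)) {
    return { limited: false, atLimit: false, message: '' };
  }
  const atLimit = field.value.length >= field.maxLength;
  return {
    limited: true,
    atLimit,
    message: atLimit
      ? `This field accepts at most ${field.maxLength} characters; ` +
        'anything typed or pasted beyond that is discarded.'
      : '',
  };
}

// Browser wiring: add a live status hint after each limited password field.
// A hint element is used rather than setCustomValidity(), which would mark
// the field invalid and block submission of a password exactly at the limit.
function watchPasswordFields(doc) {
  const fields = doc.querySelectorAll('input[type="password"][maxlength]');
  for (const field of fields) {
    const hint = doc.createElement('span');
    hint.setAttribute('role', 'status'); // announced by screen readers
    field.insertAdjacentElement('afterend', hint);
    field.addEventListener('input', () => {
      hint.textContent = maxLengthStatus(field).message;
    });
  }
  return fields.length;
}

// Only runs in a browser; the pure function above works anywhere.
if (typeof document !== 'undefined') {
  watchPasswordFields(document);
}
```

The same check can be run over a site's templates to find password fields that carry a `maxlength` at all, which is the configuration the post argues against.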

Homepage | European Alternatives

29 August 2024 at 09:01

European Alternatives is a project that collects and analyzes European alternatives to digital services and products, such as cloud services and SaaS products. We regularly receive advice and suggestions from European Alternatives users, so feel free to reach out!

  • Web analytics services
  • Cloud computing platforms
  • Content delivery network (CDN) services
  • Email providers
  • Virtual private server (VPS) hosters
  • Search engines
  • Transactional email service
  • Domain name registrars
  • Time tracking apps
  • Navigation apps
  • Uptime monitoring services
  • File hosting services
  • Machine translation services
  • Object storage providers
  • Microblogging services
  • VPN services
  • Managed DNS providers
  • Professional networking platforms
  • Function as a service (FaaS) providers
  • Platform as a service (PaaS) providers
  • Error tracking services
  • Electronic signature software
  • Public DNS resolvers
  • Payment service providers
  • Captcha services
  • Spelling and grammar checkers
  • Password managers
  • Instant messaging apps
  • Version control services
  • Identity and access management (IAM) services
  • Live chat software
  • Web browsers
  • Video conferencing software
  • Document collaboration services
  • Calendar services
  • Email marketing services
  • Font services
  • WordPress hosting providers
  • Team communication services
  • Managed Kubernetes services
  • Video hosting services
  • Video platforms
  • Maps API services
  • Tag management systems
  • DDoS protection services
  • Session recording tools
  • ACME SSL certificate providers
  • Survey tools
  • Marketing automation software
  • Project Management Software
  • SMS APIs
