-
Notifications
You must be signed in to change notification settings - Fork 5.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Length restriction on frontend inputs #6552
Comments
We have a method SetStringPropertiesMaxLength that allows us to set a limit on the length of the field in accordance with the length in the database. We can consider using it not only in the administration area but also in the public store. Then we just need to set restrictions in the table structure. |
After some consideration we've decided not to implement this functionality out of the box and leave it for customization because the original work item is already implemented. The issue with hashing could be reproduced there only and it's not related to other inputs (e.g. first name, etc) |
nopCommerce version: 4.60.1
All details at https://www.nopcommerce.com/en/boards/topic/96120/no-password-length-restriction-leads-to-denial-of-service
Let's investigate whether it can be used for any kind of attacks
Related work item: #6557
The text was updated successfully, but these errors were encountered: