Feature: password too long #63
Comments
I never implemented something like this because generally we don't want to encourage limiting password length as a pattern to follow. What is the use case for this feature? The only thing I could think of is if you are implementing with a legacy system that imposed password length restrictions. I suppose having this does make it feature complete. I'll try to find some time to implement. Feel free to raise a PR if you have the time/interest to do this. Thanks for using the tool, glad you found it useful 👍
Hello,
very long passwords can be used to create a kind of denial of service
attack because the salting is very expensive. You might answer now, that
you have to check this on the server and it is done (don't trust the
browser). But it is important, that a real user gets immediate and correct
response on typing his password in the browser and not after submitting the
form to the server.
But it's ok if you do not want to implement something like this. I can
live with the local workaround.
Sandro
…On Mon, Jun 11, 2018 at 6:29 PM Mateusz Wijas ***@***.***> wrote:
I never implemented something like this because generally we don't want to
encourage limiting password length as a pattern to follow. What is the use
case for this feature? The only thing I could think of is if you are
implementing with a legacy system that imposed password length restrictions.
I suppose having this does make it feature complete. I'll try to find some
time to implement. Feel free to raise a PR if you have the time/interest to
do this.
Thanks for using the tool, glad you found it useful 👍
--
t.h.e. Software GmbH
Speyerer Strasse 4
D-76287 Rheinstetten
Tel. +49-7242-933779
contact@the-software dot de
www.the-software.de
Geschäftsführer: Dipl.-Ing. Sandro Heitz
Handelsregisternummer: HRB 107759, Amtsgericht Mannheim
USt.-IdNr.: DE 186773284
Nope that makes sense and I didn't think of that case, thanks for the explanation
Hello,
I could create a pull request during the next weekend.
Sandro
By the way, the mountain looks impressive and much lonelier than the Alps!
…On Mon, Jun 11, 2018 at 7:06 PM Mateusz Wijas ***@***.***> wrote:
Nope that makes sense and I didn't think of that case, thanks for the
explanation
@sandro-heitz I had some time to implement a fix here. Wondering why wouldn't you just pass
I will have a look in a few days. I'm a bit busy at the moment.
maxLengh is an adequate solution. Thank you ...
Hi, it might be useful to check if a password is too long.
I downloaded your project and implemented it locally. The logic follows the tooShort pattern. But there is one important difference. Too long is only tested, if the maxLengh is greater than 0 and the default value is 0. This prevents breaking of existing applications.
By the way: nice work!
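
The opt-in check described in this issue, together with the server-side re-check mentioned in the thread, as an added example that is not the project's own code. The names `validateLength`, `hashWithLimit`, `minLength` and the byte-based measure are assumptions made for illustration; `hashFn` stands in for whatever password hashing function the server uses.

```javascript
// Added illustration; all names here are hypothetical, not the project's API.
const encoder = new TextEncoder();

// UTF-8 byte count: the amount of data a server-side hash has to process.
function byteLength(password) {
  return encoder.encode(password).length;
}

// Follows the tooShort pattern: tooLong is evaluated only when maxLength > 0,
// so the default of 0 leaves existing applications unchanged.
function validateLength(password, { minLength = 5, maxLength = 0 } = {}) {
  const tooShort = password.length < minLength;
  const tooLong = maxLength > 0 && byteLength(password) > maxLength;
  return { tooShort, tooLong, isValid: !tooShort && !tooLong };
}

// Server side: the browser check only gives the user quick feedback, so the
// limit is enforced again here, before the expensive hash function runs.
function hashWithLimit(password, hashFn, maxLength) {
  if (typeof password !== 'string') {
    throw new TypeError('password must be a string');
  }
  if (maxLength > 0 && byteLength(password) > maxLength) {
    return { ok: false, reason: 'tooLong' }; // hashFn is never called
  }
  return { ok: true, hash: hashFn(password) };
}

// Constructed sample inputs.
const samples = ['abc', 'correct horse battery', 'x'.repeat(5000)];
for (const pw of samples) {
  const r = validateLength(pw, { maxLength: 128 });
  console.log(pw.length, r);
}
```

Using the same limit and the same measure (bytes) on both sides keeps the browser feedback consistent with what the server will accept.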