Why no password sanitization?


Manaus

http://processwire.com/talk/topic/3543-register-users-and-add-page-same-as-username/#entry34854


The password is actually one thing (and probably the only thing) that you really shouldn't sanitize, because you don't want to change the password they entered. What you should do instead is validate it, making sure that it's a string with some length and at least [n] characters (whatever your requirements are). By validate vs. sanitize, I mean don't sanitize (clean) what they entered, but give them an error and make them enter something new if it doesn't validate.

Edited by horst

It is validated and sanitized and throwing an error. But I think it's not good if you create your own registration and sanitize it before storing, as you would end up with a different password if you don't take care of showing an error to the user.
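
An added example, not part of the original thread: plain PHP 8 (mbstring assumed) showing validation that rejects a password without altering it, next to the mismatch that sanitizing before hashing produces. `MIN_LENGTH`, the function names and the sample password are constructed for illustration, and `trim(strip_tags())` stands in for a generic text sanitizer.

```php
<?php
declare(strict_types=1);

const MIN_LENGTH = 8;  // assumed policy value (the "[n] characters" in the post)
const MAX_BYTES = 72;  // PASSWORD_BCRYPT truncates input beyond 72 bytes

// Validate without modifying: returns error messages, empty array if acceptable.
function validatePassword(mixed $input): array
{
    if (!is_string($input)) {
        return ['Password must be a string.'];
    }
    $errors = [];
    if (!mb_check_encoding($input, 'UTF-8')) {
        $errors[] = 'Password is not valid UTF-8.';
    }
    if (mb_strlen($input, 'UTF-8') < MIN_LENGTH) {
        $errors[] = 'Password must be at least ' . MIN_LENGTH . ' characters.';
    }
    if (strlen($input) > MAX_BYTES) {
        $errors[] = 'Password must be at most ' . MAX_BYTES . ' bytes.';
    }
    return $errors;
}

// Hypothetical registration step: reject on error, otherwise hash the exact input.
function registerPassword(mixed $input): array
{
    $errors = validatePassword($input);
    if ($errors !== []) {
        return ['ok' => false, 'errors' => $errors, 'hash' => null];
    }
    return ['ok' => true, 'errors' => [], 'hash' => password_hash($input, PASSWORD_DEFAULT)];
}

$typed = 'S3cret<b>&pass ';  // constructed sample password

// Failure mode: the stored hash belongs to the cleaned string, not what was typed.
$sanitized = trim(strip_tags($typed));  // stand-in for a generic text sanitizer
$badHash = password_hash($sanitized, PASSWORD_DEFAULT);
var_dump(password_verify($typed, $badHash));  // login attempt with the typed password

// Validate-only path: the typed password verifies against its own hash.
$result = registerPassword($typed);
var_dump($result['ok'] && password_verify($typed, $result['hash']));

// Too-short input is rejected with a message instead of being altered.
var_dump(registerPassword('abc')['errors']);
```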
