A Basil Plant@lemmy.world to Cybersecurity - Memes@lemmy.world · 1 year ago

Your password must also not contain the following character combinations: script, select, insert, update, delete, drop, --, ', /*, */.

  • ArbitraryValue@sh.itjust.works · ↑ 9 · 1 year ago

    How to say you’re vulnerable to code injection without saying you’re vulnerable to code injection.

    • pirrrrrrrr@lemmy.dbzer0.com · ↑ 1 · 1 year ago

      Maybe they filtered those strings to be safe, and put the notice there to answer the inevitable “why won’t it accept my password” queries.

      It’s a shitty password engine. But not necessarily uncleansed.

      • ArbitraryValue@sh.itjust.works · ↑ 2 · edited · 1 year ago

        If they’re trying to protect themselves from code injection by rejecting certain user input like that, then they don’t actually know how to protect themselves from code injection correctly and there may be serious vulnerabilities that they’ve missed.

        (I think it’s likely that, as others have said, they’re using off-the-shelf software that does properly sanitize user input, and that this is just the unnecessary result of management making ridiculous demands. Even then, it’s evidence of an organization that doesn’t have the right approach to security.)

    • thenextguy@lemmy.world · ↑ 1 · 1 year ago

      This is the result of some doc writer or middle manager not fully understanding what they’ve been told.

  • bitwaba@lemmy.world · ↑ 2 · 1 year ago

    Little Bobby drop tables

  • lobut@lemmy.ca · ↑ 1 · 1 year ago

    Looking at that I wouldn’t be surprised if those rules are just client-side validation.

  • fubarx@lemmy.ml · ↑ 1 · 1 year ago

    Obligatory Little Bobby Tables: https://xkcd.com/327/

    And for those who feel like saying they’ve already seen it: https://xkcd.com/1053/

  • zqwzzle@lemmy.ca · ↑ 1 · 1 year ago

    So they’re not hashing or salting the passwords too. Cool…

  • Ð Greıt Þu̇mpkin@lemm.ee · ↑ 1 · 1 year ago

    submits Drop Table as passphrase

    Grabs popcorn

  • Matriks404@lemmy.world · ↑ 1 · 1 year ago

    I don’t believe this is real. This isn’t real, right?

    • A Basil Plant@lemmy.world (OP) · ↑ 1 · 1 year ago

      This is real - I took the screenshot myself.

  • RizzRustbolt@lemmy.world · ↑ 1 · 1 year ago

    Oh BobbyTables, you little rapscallion…

  • Kyrgizion@lemmy.world · ↑ 1 · 1 year ago

    Didn’t say anything about truncate!

  • EfreetSK@lemmy.world · ↑ 1 · 1 year ago

    We could still have some fun with ALTER TABLE

  • The Ramen Dutchman@ttrpg.network · ↑ 1 · 4 months ago

    I wonder, if you turn off JavaScript, does it allow you to perform SQL injections?

    Is the front end the only protection or is the backend “also” doing work?
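
The contrast drawn in the comments between rejecting strings and handling input correctly, as an added example that is not part of the original thread or of the site in the screenshot. It assumes SQLite, PBKDF2-SHA256 and a case-insensitive substring match; the table, function names and sample password are constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

# Banned substrings copied from the rule quoted in the post title.
BANNED = ["script", "select", "insert", "update", "delete", "drop",
          "--", "'", "/*", "*/"]

def blocklist_accepts(password):
    # Assumption: the site matches case-insensitively on substrings.
    lowered = password.lower()
    return not any(token in lowered for token in BANNED)

def hash_password(password, salt):
    # Salted, slow hash: the password text itself is never stored or queried.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 600_000)

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db

def register(db, name, password):
    salt = os.urandom(16)
    # Placeholders (?) pass values separately from the SQL text, so quotes
    # and comment markers in the input are treated as data only.
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               (name, salt, hash_password(password, salt)))

def login(db, name, password):
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?", (name,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[1], hash_password(password, row[0]))

def user_count(db):
    return db.execute("SELECT COUNT(*) FROM users").fetchone()[0]

if __name__ == "__main__":
    db = open_db()
    # Constructed sample password containing several banned substrings.
    pw = "Robert'); DROP TABLE users;-- /* select */"
    register(db, "bobby", pw)
    print("blocklist accepts password:", blocklist_accepts(pw))
    print("login succeeds:", login(db, "bobby", pw))
    print("rows in users:", user_count(db))
    # Words raised in the comments that the quoted rule does not list.
    print("blocklist accepts 'truncate':", blocklist_accepts("truncate"))
    print("blocklist accepts 'ALTER TABLE':", blocklist_accepts("ALTER TABLE"))
```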
