• pirrrrrrrr@lemmy.dbzer0.com
      link
      fedilink
      arrow-up
      0
      ·
      11 months ago

      Maybe they filtered those strings to be safe, and put the notice there to answer the invertible “why won’t it accept my password” queries.

      It’s a shitty password engine. But not necessarily uncleansed

      • ArbitraryValue@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        11 months ago

        If they’re trying to protect themselves from code injection by rejecting certain user input like that, then they don’t actually know how to protect themselves from code injection correctly and there may be serious vulnerabilities that they’ve missed.

        (I think it’s likely that, as others have said, they’re using off-the-shelf software that does properly sanitize user input, and that this is just the unnecessary result of management making ridiculous demands. Even then, it’s evidence of an organization that doesn’t have the right approach to security.)