Do most web broswsers all ow you to have 1000 characters in the password field? limiting the number of characters would fix this bug, wouldn't it?
Printable View
Do most web broswsers all ow you to have 1000 characters in the password field? limiting the number of characters would fix this bug, wouldn't it?
Not necessarly because on some software if you keep on holding down a key it will have a run 32 error and fill up the buffer
hacking hotmails, wow the hack of the millenium!
Go away l4m3r5!
HOTMAIL IS THE WORLD'S MOST INSECURE E-MAIL SERVICE SINCE MILLIONS ARE USING IT! YAHOO? THEY ARE SOMEHOW LINKED TO MICROSOFT, SO, YAHOO = MICROSOFT = BAD + EVIL
Relying solely on a client's browser to do input format validation is not a good idea: it's VERY easy to send http requests by hand...Quote:
Originally posted here by jcmcb
Do most web broswsers all ow you to have 1000 characters in the password field? limiting the number of characters would fix this bug, wouldn't it?
For example, if a site relies on the max length property of the input tag in html, you could save the html page, edit the input tag to remove the max length and then reload the saved page in your browser, enter the ridiculously long password and boom...
Same applies for sites that use hidden fields to store prices!
(Apparently quite a few still do so... !!)
Ammo
That's one pointless/groundless post if I ever saw one...Quote:
Originally posted here by lawrence171
HOTMAIL IS THE WORLD'S MOST INSECURE E-MAIL SERVICE SINCE MILLIONS ARE USING IT! YAHOO? THEY ARE SOMEHOW LINKED TO MICROSOFT, SO, YAHOO = MICROSOFT = BAD + EVIL
How does being used by millions imply that it's insecure??!
"are somehow linked to Microsoft"... Wow that's some piece of evidence...
Ammo