Saturday, January 3, 2015

Does it indicate a bad password system to disallow certain characters in passwords?



When creating an account for the game League of Legends, the user's password must comply with a few rules.


screenshot of rules


The one I'm concerned about is the "Must not contain slashes or spaces" one. The others are sane password requirements (well, except the maximum length), but disallowing slashes or spaces seems weird.


I can't come up with any other explanation than the passwords being sent or saved in plaintext with said characters messing up the format, as in a hash such characters would disappear. It also seems weird to only disallow these to prevent e.g. SQL injection or other such things, especially as they should be handled normally with all data.


So, in addition to reducing the entropy by reducing the character set available, this might indicate a deeper problem. What do you think?
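The point about hashing can be checked directly. The following is an added example, not part of the original post and not the game's actual code: it stores passwords with salted PBKDF2-HMAC-SHA256 and shows that the stored record never contains the password's own characters. The record format, function names, iteration count and sample passwords are assumptions made for this example.

```python
import hashlib
import hmac
import os
import re

ITERATIONS = 600_000  # assumed work factor for this example
# Assumed record layout: scheme$iterations$salt_hex$digest_hex
RECORD_RE = re.compile(r"^pbkdf2_sha256\$\d+\$[0-9a-f]{32}\$[0-9a-f]{64}$")


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    # The password is only ever treated as bytes fed to the KDF.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    salt = os.urandom(16)
    digest = _derive(password, salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    # Splitting on "$" is safe: the password itself is never in the record.
    _, iterations, salt_hex, digest_hex = record.split("$")
    candidate = _derive(password, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def stored_alphabet(passwords, iterations: int = ITERATIONS) -> set:
    # Every distinct character that ends up in storage for these passwords.
    chars = set()
    for pw in passwords:
        chars |= set(hash_password(pw, iterations))
    return chars


# Constructed sample passwords containing slashes, spaces, quotes and non-ASCII.
SAMPLES = ["correct horse/battery staple", "a\\b c'; DROP--", "päss wörd/🔑"]

if __name__ == "__main__":
    for pw in SAMPLES:
        rec = hash_password(pw)
        print(repr(pw), "->", rec, "verified:", verify_password(pw, rec))
    print("characters in storage:", "".join(sorted(stored_alphabet(SAMPLES))))
```

Whatever the password contains, the stored value is limited to the scheme name, digits, lowercase hex and the `$` separator, so a slash or space in the input has nothing to interfere with once the password is hashed.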




