asp.net - Is password input sanitization required? -

-

i'm trying sanitize data that's inputted making sure data valid particular field (e.g. name can't contain special characters/numbers etc..) however, i'm not sure when comes password field. need bother sanitization password hashed? if user inject malicious via password textbox, should bother checking suspicious? afaik, users may (should!) have special characters such '< >', trigger potential attack alert. should leave password field unsanitized? limiting input passwords last resort me, feel users should use sorts of characters in passwords.

thanks

as long hashing in application, should ok.

a bit off topic considering using asp.net, notable exception if using php , mysql , doing this:

update users set password = password('$pwd') userid = $uid

in case want sanitize $pwd first.


Comments

Post a Comment

Popular posts from this blog

ruby - When to use an ORM (Sequel, Datamapper, AR, etc.) vs. pure SQL for querying -

-
a colleague of mine designing sql queries 1 below produce reports, displayed in excel files through external data query. @ present, reporting processes on db required (no crud operations). i trying convince him better use ruby orm in order able display data in rails/sinatra app. despite obvious advantages in displaying data, advantages there him in learning use orm sequel or datamapper? the sql queries writing quite complex, , being relatively new sql, complains time-consuming , confusing. possible write extremely complex queries orm? , if so, suitable(i have heard sequel legacy dbs)? , advantages of learning ruby , using orm versus sticking plain sql, in making complex database queries? i'm datamapper maintainer, , think complex reporting should use sql. while think someday we'll have dsl provides power , conciseness of sql, i've seen far requires write more ruby code sql complex queries. rather maintain 5 line sql query 10-15 lines of ruby code desc...
Read more

php - PHPDoc: @return void necessary? -

-
is necessary this: /** * ... * * @return void */ i have quite few methods don't have return value, , seems redundant put in comment. considered bad form leave out? if makes clear documentation, leave in, isn't strictly necessary. it's entirely subjective decision. personally, leave out. edit stand corrected. after little googling, wikipedia page says: @return [type description] tag should not used constructors or methods defined void return type. the phpdoc.org website says: @return datatype description @return datatype1|datatype2 description the @return tag used document return value of functions or methods. @returns alias @return support tag formats of other automatic documentors the datatype should valid php type (int, string, bool, etc), class name type of object returned, or "mixed". if want explicitly show multiple possible return types, list them pipe-delimited without spaces (e.g. "@retur...
Read more

c++ - Convert big endian to little endian when reading from a binary file -

-
this question has answer here: how convert between big-endian , little-endian values in c++? 28 answers i've been looking around how convert big-endian little-endians. didn't find solve problem. seem there's many way can conversion. anyway following code works ok in big-endian system. how should write conversion function work on little-endian system well? this homework, since systems @ school running big-endian system. it's got curious , wanted make work on home computer also #include <iostream> #include <fstream> using namespace std; int main() { ifstream file; file.open("file.bin", ios::in | ios::binary); if(!file) cerr << "not able read" << endl; else { cout << "opened" << endl; int i_var; double d_var; while(!file.eof()) {...
Read more