• NotationalSymmetry@ani.social
    16 upvotes · 1 month ago

    Saving the password truncates but validation doesn’t. So it just fails every time you try to log in with no explanation. The number of times I have seen this in a production website is too damn high.

      • nous@programming.dev
        5 upvotes · 1 month ago

        Passwords should be hashed, not stored in plain text! Hashes are always the same length so this is an immediate sign they are doing horribly insecure things with your password.
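
The two comments above, put side by side as an added example (not code from either commenter): a save path that truncates while validation does not, next to salted hashing where the stored value is the same length for any password. `MAX_LEN`, the function names and the sample passwords are constructed for illustration, and PBKDF2-HMAC-SHA256 is used only because it is a key-derivation function available in the Python standard library.

```python
import hashlib
import hmac
import os

MAX_LEN = 16  # constructed column width, e.g. a VARCHAR(16) password field

def register_truncating(db, user, password):
    db[user] = password[:MAX_LEN]  # save path silently cuts to the column width

def login_truncating(db, user, password):
    # Validation path compares the full input, so over-long passwords never match.
    return hmac.compare_digest(db[user].encode(), password.encode())

def _kdf(password, salt):
    # Output is 32 bytes whatever the password length, so nothing needs truncating.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000, dklen=32)

def register_hashed(db, user, password):
    salt = os.urandom(16)  # per-user random salt stored beside the digest
    db[user] = (salt, _kdf(password, salt))

def login_hashed(db, user, password):
    salt, stored = db[user]
    return hmac.compare_digest(stored, _kdf(password, salt))

def demo():
    long_pw = "correct horse battery staple"  # constructed sample, 28 characters
    short_pw = "hunter2"                       # constructed sample, fits in MAX_LEN
    plain, hashed = {}, {}
    for user, pw in (("long", long_pw), ("short", short_pw)):
        register_truncating(plain, user, pw)
        register_hashed(hashed, user, pw)
    return {
        "truncating_long_login": login_truncating(plain, "long", long_pw),
        "truncating_short_login": login_truncating(plain, "short", short_pw),
        "hashed_long_login": login_hashed(hashed, "long", long_pw),
        "hashed_prefix_rejected": not login_hashed(hashed, "long", long_pw[:MAX_LEN]),
        "digest_lengths": [len(d) for _, d in hashed.values()],
    }
```

Only the account with the over-long password fails under the truncating scheme, which is why the bug can pass testing with short passwords and then surface in production.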