benjojoMaking an account on something today when I came across a novel to me password restriction
Tzimisce Flesh@[email protected] Please explain to the Python developer (me).
Lillian Violet@flesh @benjojo The $ is a unix crypt hash symbol, which indicates the string that follows is an encrypted password string. If the password were to be stored in say plain text, the program to check the password might infer some things about the password that are untrue if it starts with a $ and always error out since it's comparing what it thinks is a hash to a plaintext of the password, and they don't match. One might reasonably assume from this that this restriction is in place because they do indeed save the passwords as plain text...
Leeloo@GLaDTheresCake @flesh @benjojo
Ooh, interesting.
My thoughts were PHP injection.
Either way, there is no reasonable explanation that doesn't include the words "horribly insecure".
Vile Ox@leeloo @GLaDTheresCake @flesh @benjojo
"Either way, there is no reasonable explanation that doesn't include the words "horribly insecure"."
There is one, alluded by someone up the thread: trolling. It is possible that the system is secure, but an admin with a (twisted) sense of humor decided to do some mild nerd-sniping.
Not very likely, just reasonable.
@VileOx @GLaDTheresCake @flesh @benjojo
"Pretending to be horribly insecure as a joke" does contain those words😜
"Pretending to be horribly insecure as a joke" does contain those words😜