This repository has been archived by the owner on Apr 29, 2020. It is now read-only.

Sanitize user input during the login flow. #6368

Open
mrhappyasthma opened this issue Jan 12, 2020 · 1 comment
Comments

@mrhappyasthma
Contributor

The current code doesn't really do any checking at all. We should enforce username and password length limits, restrict their characters (e.g. exclude spaces), and protect against malicious inputs (e.g. trying to manipulate the SQL query based on their input.)

@TeoTwawki
Member

the connect server does prevent injection attacks (in a not very optimal way) but the loader still lets you pass anything you want atm. the connect server then decides wtf to do with it without any feedback to the user - so we should edit the loader to have some sort of error when an invalid account name is given.
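
An added example, not part of the issue thread or the project's code: one way a loader could check the username and password before sending them and report which rule failed, so the user gets feedback instead of a silent rejection. The length limits, character sets, and all names (`validateLoginInput`, `LoginInputError`, `describe`) are assumptions, since the issue does not specify them.

```cpp
#include <cstddef>
#include <string>

// Assumed limits; the issue asks for length limits but states no values.
constexpr std::size_t kNameMin = 3, kNameMax = 15;
constexpr std::size_t kPassMin = 6, kPassMax = 15;

enum class LoginInputError { Ok, NameLength, NameCharset, PassLength, PassCharset };

// Usernames use an allowlist (ASCII letters and digits), so spaces, quotes,
// semicolons, NUL and other control bytes are rejected without listing them.
static bool isNameChar(unsigned char c) {
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
}

// Passwords allow printable ASCII except space (0x21..0x7E). Quotes are legal
// here, so the server must bind the value as a query parameter (or hash it
// first) rather than rely on this check.
static bool isPassChar(unsigned char c) { return c > 0x20 && c < 0x7F; }

// Client-side validation gives the user feedback only; the connect server
// must repeat the same checks because a modified loader can skip them.
LoginInputError validateLoginInput(const std::string& name, const std::string& pass) {
    if (name.size() < kNameMin || name.size() > kNameMax) return LoginInputError::NameLength;
    for (unsigned char c : name)
        if (!isNameChar(c)) return LoginInputError::NameCharset;
    if (pass.size() < kPassMin || pass.size() > kPassMax) return LoginInputError::PassLength;
    for (unsigned char c : pass)
        if (!isPassChar(c)) return LoginInputError::PassCharset;
    return LoginInputError::Ok;
}

// Message the loader can show instead of failing silently.
const char* describe(LoginInputError e) {
    switch (e) {
        case LoginInputError::Ok:          return "ok";
        case LoginInputError::NameLength:  return "account name must be 3-15 characters";
        case LoginInputError::NameCharset: return "account name may contain only letters and digits";
        case LoginInputError::PassLength:  return "password must be 6-15 characters";
        case LoginInputError::PassCharset: return "password may not contain spaces or control characters";
    }
    return "unknown error";
}
```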
