Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
darkcode8278y@Linux yes I understand it's an older approach. But why is it a valid approach? What about the old shit makes this constraint a viable solution?
-
@darkcode , its only viable in the sense that it works, it is completely retarded from a security perspective and the only possible technical justification would be that some ancient system that only supports 7bit ascii needs to do something with the passwords (but there isn't any way to justify having any system, old or new reading users passwords)
-
darkcode8278y@ItsNotMyFault thank you, somewhat of an explanation.
I understand it's old.
I understand it's shit.
I'm looking to understand the thought process that went into the decision. It's not like other devs have never seen the source, which means that multiple devs and product owners have let this decision remain as is. What are the possible reasons that made them all do that is what I want to understand. -
@darkcode
For lots of managers security is only an issue after it has been breached, it can be very difficult to get permission to spend time replacing bad code if the bad code meets all formal requirements. -
darkcode8278y@ItsNotMyFault requirements, formal and informal, change as business and market dictates.
Seems odd that this hasn't come up, considering the market perception shift in secure passwords over the last 24 months. I'm contemplating switching my isp as a result of this. As a consumer, I hesitate to trust an isp if they don't see the problem with an issue like this. Maybe my standards are too high. -
@darkcode I'd say your standards are fine! Your gut feel is probably fine as well! Find another ISP ASAP.
Related Rants
Is there a good technical reason to not allow passwords to contain special characters? My isp does this and I need to know why.
undefined
need to know
srs