You are viewing a single thread.
View all comments View context
6 points

Sounds like a crappy implementation of the authentication server then, and the sysadmin deserves a paddlin’ for not stripping non-UTF characters (or making sure they work).

My problem with using emojis as part of the password would rather be that while I might be able to enter them on my personal Android phone using the exact keyboard app I have installed right now, I might find myself struggling on a desktop computer or any other phone that doesn’t have this exact keyboard installed. After all, the graphical representation of the same emoji might look different there, and there is a chance I couldn’t even recognize it.

So if anything, I’d say use a non-UTF keyboard like Thai or Chinese, but then a standard character in that specific type. Keyboards layout can be installed across devices and are fully standardized, even if the same character looks slightly different.

permalink
report
parent
reply
17 points

Stripping characters from passwords, great idea! Right up there with truncating passwords that are too long.

permalink
report
parent
reply
-5 points
Deleted by creator
permalink
report
parent
reply
10 points

That’s not how any of this works.

First of all, stripping passwords is never okay. You can reject the password and let the user choose a new one, but never just modify it on your own.

Then, if your system is at risk of code injection by certain characters in user input, please just shut it down and never turn it on again.

permalink
report
parent
reply
6 points

Doing that is actually a great way to tell attackers that you’re vulnerable to that type of attack.

Bypassing those front end restrictions is super easy, and the attackers don’t need an account or a password to attack you.

It’s like putting a sign that says “lock fragile; don’t tug” on the door to your business.

permalink
report
parent
reply
3 points

Learn how to sanitise your database inputs first, damnit!

https://xkcd.com/327/

permalink
report
parent
reply
3 points

also some OSKs put whitespaces after inserting an emoji, some doesn’t. there’s no unified emoji input method yet.

permalink
report
parent
reply
2 points

There’s no such thing as a non-UTF8 character. You mean non-UTF8 bytes? If a system sees those, it should reject the entire input, not try to patch it up.

permalink
report
parent
reply

Technology

!technology@lemmy.world

Create post

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


Community stats

  • 17K

    Monthly active users

  • 12K

    Posts

  • 554K

    Comments