• twitterfluechtling@lemmy.pathoris.de
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    By which component is the password truncated on account-creation? Imo, the web UI shouldn’t do that without at least warning the user. Such long passwords might be a corner-case, but if the UI changes the password in any way before submitting it to the server, I think the user should see a big fat red notification. What if an account was created using a different client? The user wouldn’t be able to log in using the web-ui because the web-ui refuses to send the unmodified password?

    If the password is truncated server-side during account creation, the server should do the same during login, the UI or client wouldn’t even have to know about it.