Please pick a password starting with ad and ending with min
qaz@lemmy.world to Mildly Infuriating@lemmy.world · 3 months ago · 142 comments

expr@programming.dev · 3 months ago
At minimum you need to limit the request size to avoid DOS attacks and such. But obviously that would be a much larger limit than anyone would use for a password.

owsei@programming.dev · 3 months ago
Also rate of the requests. A normal user isn’t sending a 1 MiB password every second

JackbyDev@programming.dev · 3 months ago
What’s a sensible limit? 128 bytes? Maybe 64?

owsei@programming.dev · 3 months ago
I’d say 128 is understandable, but something like 256 or higher should be the limit. 64, however, is already below my default in Bitwarden
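
The three limits raised in the comments above (request size, request rate, password length in bytes), combined into one login pre-check. This is an added example, not code posted by anyone in the thread; the constants, the JSON body shape and the function names are assumptions chosen for illustration.

```python
import json
from collections import defaultdict, deque

# Assumed limits; the thread only suggests a password cap of 256 or higher.
MAX_BODY_BYTES = 4096        # request cap, far above any real password
MAX_PASSWORD_BYTES = 256     # password cap, measured in UTF-8 bytes
MAX_ATTEMPTS = 5             # accepted requests per client per window
WINDOW_SECONDS = 60.0

_attempts = defaultdict(deque)   # client id -> timestamps of accepted requests


def _rate_limited(client_id, now):
    """Sliding window: True once a client has MAX_ATTEMPTS in the window."""
    window = _attempts[client_id]
    while window and now - window[0] >= WINDOW_SECONDS:
        window.popleft()
    if len(window) >= MAX_ATTEMPTS:
        return True              # not recorded, so memory stays bounded
    window.append(now)
    return False


def check_login_request(client_id, body, now):
    """Return an HTTP-style status code for a raw login request body."""
    if _rate_limited(client_id, now):
        return 429               # too many requests from this client
    if len(body) > MAX_BODY_BYTES:
        return 413               # rejected before any parsing or hashing
    try:
        password = json.loads(body)["password"]
        size = len(password.encode("utf-8"))   # bytes, not characters
    except (ValueError, KeyError, TypeError, AttributeError):
        return 400               # malformed JSON or non-string password
    if size == 0 or size > MAX_PASSWORD_BYTES:
        return 400
    return 200                   # safe to hand to the password hasher
```

The length check counts encoded bytes because a password of 129 two-byte characters already exceeds a 256-byte cap.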