default password validation has no max length - is this a security issue? #41928
Unanswered
msporleder asked this question in General
Looking at https://github.com/laravel/framework/blob/9.x/src/Illuminate/Validation/Rules/Password.php there doesn't seem to be a max length for password validation by default, meaning you could send a very large string to the hash function and the couple of regexes in the default rules (mixed case, etc.). I believe Rails uses a default max of 72 chars.
If nothing else, should this be a doc enhancement in the Hash::make or validation docs?
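One way to cap password size before the Password rule's regexes and the hasher ever see the value, as an added example that is not part of the original post or Laravel's own code. The `RegisterRequest` class and the `MAX_PASSWORD_BYTES` constant are hypothetical, and the 72-byte cap assumes the bcrypt hash driver, which ignores input past 72 bytes.

```php
<?php

namespace App\Http\Requests;

use Closure;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Validation\Rules\Password;

// Hypothetical form request for a registration endpoint.
class RegisterRequest extends FormRequest
{
    // Assumption: bcrypt is the configured hash driver; it only uses the
    // first 72 bytes of its input, so longer passwords add no entropy.
    private const MAX_PASSWORD_BYTES = 72;

    public function authorize(): bool
    {
        return true;
    }

    public function rules(): array
    {
        return [
            'password' => [
                // 'bail' stops at the first failing rule, so an oversized
                // value is rejected before the Password rule runs its
                // regex checks over it.
                'bail',
                'required',
                'string',
                // The built-in 'max' rule counts characters for strings;
                // this closure counts bytes, which is what the hasher sees.
                function (string $attribute, mixed $value, Closure $fail): void {
                    if (is_string($value) && strlen($value) > self::MAX_PASSWORD_BYTES) {
                        $fail("The {$attribute} must not exceed ".self::MAX_PASSWORD_BYTES.' bytes.');
                    }
                },
                Password::min(8)->mixedCase()->numbers(),
            ],
        ];
    }
}
```

The length check only bounds work done inside validation and hashing; a request-body size limit at the web server or middleware layer is still what bounds how much data reaches PHP in the first place.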