How Fast Your Password Can Be Brute Forced
invite response
2022 Apr 6, 10:19am 4,185 views 85 comments
« First « Previous Comments 84 - 85 of 85 Search these comments
84
Patrick
2022 May 3, 12:10pm
Patrick
2022 May 3, 12:10pm
Hircus says
Yes, I remember that CSP header thing, and I do have my .js in a separate file right now, but it's a pain in the ass in development, because you have to load the new js file somehow each time you change it, and the html that the js acts on is separated, so the connection between the two is not obvious. And I just don't like having multiple files.
So security and programmer convenience are a bit opposed in this case.
I do try to filter out all script tags from user input, but maybe that's not enough.
CSP can potentially be very powerful against xss if you dont mind writing your code in certain ways, such as putting all js in .js files.
Yes, I remember that CSP header thing, and I do have my .js in a separate file right now, but it's a pain in the ass in development, because you have to load the new js file somehow each time you change it, and the html that the js acts on is separated, so the connection between the two is not obvious. And I just don't like having multiple files.
So security and programmer convenience are a bit opposed in this case.
I do try to filter out all script tags from user input, but maybe that's not enough.
85
NuttBoxer
2022 May 4, 9:16am
NuttBoxer
2022 May 4, 9:16am
Maybe I'm missing an angle, but if you sanitize all user input, not sure you still need a separate JS file.
« First « Previous Comments 84 - 85 of 85 Search these comments
And if anyone's interested I use Keepass, none of that cloud shit.