Subnostr

The only practical reason to have length limits now is to reduce DoS attacks via posting crazy long data to the server. But can be mitigated by hashing on the client before submission, and again salted hashing on server before storing.

Bill Cypher 1y ago

I understand that there has to be some maximum for a number of reasons. 20 characters isn't long enough for me to even meet modern password recommendations though. I run into sites with even smaller limits regularly.

Reply to this note

Please Login to reply.

Discussion

jimbocoin 🃏 1y ago

Insecure by design.

And while we’re at it, how about stupid restrictions on what characters you can use? Punctuation too good for ya?

Diacone Frost 1y ago

I believe these are from the past to prevent (sql) injections.

jimbocoin 🃏 1y ago

Still dumb

Diacone Frost 1y ago

No argue there. It's been a while since we have sanitizing libs. And by while I mean decades 😂