Is the use of special characters in a login form a security risk?

Posted on 2014-08-25
Last Modified: 2014-08-25
I require users registering a password to use at least one special character. Passwords can be up to 20 characters long. When gathering the password from POST, I think <> tags will be removed. Am I correct about that?

Also, are there any special characters that could pose a security risk and should not be allowed? In other words, could someone write code into the password input field, and what characters would they use? Keep in mind the max length is 20 characters.

$password = trim(strip_tags($_POST['password']));


Question by:kadin

    Expert Comment

    Allow any character. If someone uses <> in their password and you strip it, then their password will not work.
    Really, you should be hashing the password when storing it. Use md5 to encrypt it so you end up with something like this, which is completely safe and protects the password.

    You will then use md5 to hash the password when checking the login.

    Using PDO/MySQLi and bound parameters there is nothing to worry about.

    Author Comment

    Thanks for your response.

    What about strip_tags() above? Won't that remove < > symbols? Should I not use strip_tags() on a password before storing in a database?

    Accepted Solution

    No, don't strip tags. What are you using to connect to the db?
    (I did edit my comment above slightly)

    Author Comment

    I already use hashing and PDO prepared statements. Thanks for your help.
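
An added example (not code from the thread) showing what the strip_tags() line in the question does to a password, and how the password can instead be hashed exactly as typed and checked through PDO bound parameters. It uses PHP's password_hash()/password_verify() in place of the md5 mentioned above; the in-memory SQLite database, the table and column names, and the sample passwords are assumptions made for the demonstration.

```php
<?php
// Added example, not code from the thread. Table/column names and the
// sample passwords are constructed for illustration.

// The question's handling of the POSTed password.
function sanitize_like_question(string $raw): string {
    return trim(strip_tags($raw));
}

// Hash the password exactly as typed. Only the hash reaches the database,
// and the bound parameters keep every value as data, never as SQL text.
function register(PDO $db, string $user, string $rawPassword): void {
    $hash = password_hash($rawPassword, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (name, pw_hash) VALUES (:n, :h)');
    $stmt->execute([':n' => $user, ':h' => $hash]);
}

function login(PDO $db, string $user, string $rawPassword): bool {
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE name = :n');
    $stmt->execute([':n' => $user]);
    $hash = $stmt->fetchColumn();          // false when the user is unknown
    return is_string($hash) && password_verify($rawPassword, $hash);
}

$db = new PDO('sqlite::memory:');          // assumption: pdo_sqlite is enabled
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

// Constructed passwords, both within the 20-character limit.
$typed = "Tr<ee>House'#9";
$other = "Tr<x>House'#9";

// strip_tags() drops the tag-like part, so the stored secret is no longer
// what the user typed, and two different passwords become the same string.
var_dump(sanitize_like_question($typed));
var_dump(sanitize_like_question($typed) === sanitize_like_question($other));

// With hashing and bound parameters the raw password needs no filtering:
// angle brackets and quotes are just bytes fed to the hash function.
register($db, 'kadin', $typed);
var_dump(login($db, 'kadin', $typed));                         // password as typed
var_dump(login($db, 'kadin', sanitize_like_question($typed))); // stripped variant
var_dump(login($db, 'kadin', $other));                         // the other password
```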
