Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Is the use of special characters in a login form a security risk?

Posted on 2014-08-25
Medium Priority
Last Modified: 2014-08-25
I require users registering a password to use at least one special character. Passwords can be up to 20 characters long. When gathering password from POST, I think <> tags will be removed. Am I correct about that?

Also are there any special characters that could pose a security risk and should not be allowed? In other words could someone write code into the password input field and what characters would they use? Keep in mind the max length is 20 characters.
$password = trim(strip_tags($_POST['password']));

Open in new window

Question by:kadin
  • 2
  • 2
LVL 58

Expert Comment

ID: 40284366
Allow any character, if someone uses <> in their password and you strip it then their password will not work
Really you should be hashing the password when storing use md5 to encrypt it so you end up with something like this which is completely safe and protects the password.

You will then use md5 to hash the password when checking the login

Using PDO/MySQLi and bound parameters there is nothing to worry about.

Author Comment

ID: 40284370
Thanks for your response.

What about strip_tags() above? Won't that remove < > symbols? Should I not use strip_tags() on a password before storing in a database?
LVL 58

Accepted Solution

Gary earned 2000 total points
ID: 40284371
No don't strip tags. What are you using to connect to the db
(I did edit my comment above slightly)

Author Comment

ID: 40284382
I all ready use hashing and PDO prepared statements. Thanks for your help.

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses four methods for overlaying images in a container on a web page
There are times when I have encountered the need to decompress a response from a PHP request. This is how it's done, but you must have control of the request and you can set the Accept-Encoding header.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
Suggested Courses

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question