Jump to content

Issue on registration form : password length too and firstname field allow link

kennethhounsou

By kennethhounsou
in Developer Corner

 Share

Recommended Posts

kennethhounsou Junior Member

kennethhounsou

Posted
Posted

Hi everyone,

Am working for web hosting company and we use WHMCS

We've recently conducted some security tests over our website and some points were noticed by the test team and reported to our attention to solve.
We would like you recommendation about those to quickly sort them out.

  1. Lack of password length restrictions : a user can create a password over 1000 characters or more. How can we set a maximum limit of 365 characters for the password fields?

  2. firstname and lastname fields html injection : those fields at the user registration form can be filled with code as following "<a href=https://evil.com>clickhere</a>" How can we avoid this?

Thanks for your recommendation, advice or any sort of guidance to go through this.

 

PS: am not a developer. just in charge of running the whmcs website

0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept