this post was submitted on 18 Feb 2024
158 points (100.0% liked)
tails: A Place for Mastodon Posts
328 readers
1 users here now
A virtual community
Posts from Mastodon users, featured natively in a community, so you can view them without the need for them to be re-hosted or screenshoted, and reply to the original author and Mastodon respondents if you wish.
Has so far included content from Warsandpeas, Mr. Lovenstein, SMBC, Loading Artist, Low Quality Facts, nixCraft, ElleGray, and other interesting or provocative stuff I've random'd across on Mastodon.
Supported:
Comments & Upvotes
Unsupported:
Posts, Downvotes, & PD's Automod
founded 10 months ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
There’s a difference between ‘I would rather the user didn’t do that’ and ‘We must not allow this to happen’.
User enters the empty string for their password recovery question? Don’t care. Let the Frontend handle this. If the user is capable enough to disable the frontend validation, they’re capable to remember their password.
User enters SQL as their password recovery question? Validate in the backend.
The issue with your example is that it could be that there was a bug and the user didn’t disable the validation and intend to send an empty string.