Limit password length (at a reasonable length) #13491
Labels
c: Security
For issues that make Matomo more secure. Please report issues through HackerOne and not in Github.
Milestone
related to #10235 and partly reverses #10349
reported in 415304
While long passwords are definitely more secure, allowing 200 000 character and more character long password makes it possible to DDOS the server.
So I'd propose to reintroduce a password limit, but at a reasonable length (maybe 200 characters)
The text was updated successfully, but these errors were encountered: