It doesn’t check for password type. Password may be defined as 4-digit unsigned ints and if a user attempts to change his/her password to something other than 4-digit unsigned ints, then it may cause errors, correct?
If so, what kind of errors?
Just a simple error message, or can this be a major security issue?
Can someone perform a buffer overflow attack on this?

There can be a major security issue here! More than just an error message. Read more about SQL Injection. The simple rule is that you should always sanitize any string user input to ensure, yes, proper type, but more importantly, that it doesn’t bypass your intent and hack into your DB.
A simple Google search returns, for example, this site.
For .NET, it’s better to use SqlParameter than to concatenate strings to form your SQL query. SqlParameter guards you against SQL Injection…
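The two points in the answer above (check the type, and use SqlParameter instead of concatenation) shown side by side, as an added example that is not part of the original posts. The table and column names (Users, Pin, UserName), the helper names and the sample input are assumptions made for illustration; no database connection is opened, the commands are only built and printed.

```csharp
using System;
using System.Data;
using System.Data.SqlClient; // in .NET Framework; a NuGet package on modern .NET

static class PinChange
{
    // Type check: exactly four ASCII digits, rejected before any SQL is built.
    public static bool TryParsePin(string input, out short pin)
    {
        pin = 0;
        if (input == null || input.Length != 4) return false;
        foreach (char c in input)
            if (c < '0' || c > '9') return false;
        pin = short.Parse(input);
        return true;
    }

    // Weak form: user input becomes part of the SQL text itself.
    // Users/Pin/UserName are hypothetical schema names.
    public static SqlCommand BuildConcatenated(string userName, string newPin)
    {
        return new SqlCommand(
            "UPDATE Users SET Pin = " + newPin + " WHERE UserName = '" + userName + "'");
    }

    // Corrected form: the SQL text is constant; values travel as typed parameters.
    public static SqlCommand BuildParameterized(string userName, short newPin)
    {
        var cmd = new SqlCommand("UPDATE Users SET Pin = @pin WHERE UserName = @user");
        cmd.Parameters.Add("@pin", SqlDbType.SmallInt).Value = newPin;
        cmd.Parameters.Add("@user", SqlDbType.NVarChar, 64).Value = userName;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample input: not a four-digit PIN, and it carries SQL syntax.
        string user = "alice";
        string submitted = "1234 --";

        // Concatenation: the comment marker ends up inside the statement and
        // the WHERE clause no longer restricts the update.
        Console.WriteLine(BuildConcatenated(user, submitted).CommandText);

        if (!TryParsePin(submitted, out short pin))
            Console.WriteLine("rejected: PIN must be exactly four digits");

        if (TryParsePin("4821", out pin))
        {
            SqlCommand cmd = BuildParameterized(user, pin);
            Console.WriteLine(cmd.CommandText + "  [@pin=" + cmd.Parameters["@pin"].Value + "]");
        }
    }
}
```

Storing the PIN as a SmallInt drops leading zeros (0123 becomes 123); if those must be preserved, keep the validated value as a fixed-length character parameter instead.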