Meteorjs password length check
How can I check at least the length of the password from the server sent by the client? I know the password is not just sent over the wire and so I am wondering how to do this?
+3
o2kevin
source
to share
1 answer
Password data is only passed through hashes, so as you mentioned, the server never sees the user's password during key exchange. The server can create a user with a password, but this string must be passed in somehow.
It is best to check the length on your registration form. I understand that the client code cannot be trusted, however it is unlikely that a motivated hacker is going to change the source to have a weak password.
+1
David Weldon
source
to share