Meteorjs password length check
1 answer
Password data is only passed through hashes, so as you mentioned, the server never sees the user's password during key exchange. The server can create a user with a password, but this string must be passed in somehow.
It is best to check the length on your registration form. I understand that the client code cannot be trusted, however it is unlikely that a motivated hacker is going to change the source to have a weak password.
+1
source to share