Request returns to homepage | Laravel | Page 1

frigid peak Nov 27, 2022, 4:43 PM

#

Show your headers.

#

Also. You don’t “log in” to APIs.

grim galleon Nov 27, 2022, 4:44 PM

#

frigid peak Also. You don’t “log in” to APIs.

translation error

frigid peak Nov 27, 2022, 4:45 PM

#

I also wouldn’t be putting so much validation around the email and password fields, as you’re just leaking whether an email actually exists in the database, and the minimum and maximum length of passwords, which just means an attacker can narrow their efforts.

grim galleon Nov 27, 2022, 4:46 PM

#

frigid peak Show your headers.

What's the directory?

grim galleon Nov 27, 2022, 4:47 PM

#

frigid peak I also wouldn’t be putting so much validation around the email and password fiel...

ok, but these evaluations do not check with the database, they only ask for a password and the minimum number of characters

frigid peak Nov 27, 2022, 4:48 PM

#

grim galleon ok, but these evaluations do not check with the database, they only ask for a pa...

Yes, and now an attacker can go “Cool, I just need to bother with trying to crack passwords between 8 and 50 characters.”