nopCommerce
nopCommerce copied to clipboard
Length restriction on frontend inputs
nopCommerce version: 4.60.1
All details at https://www.nopcommerce.com/en/boards/topic/96120/no-password-length-restriction-leads-to-denial-of-service
Let's investigate whether it can be used for any kind of attacks
Related work item: https://github.com/nopSolutions/nopCommerce/issues/6557
We have a method SetStringPropertiesMaxLength that allows us to set a limit on the length of the field in accordance with the length in the database. We can consider using it not only in the administration area but also in the public store. Then we just need to set restrictions in the table structure.