Is it really necessary to sanitize the password field when someone registers at the website? I have seen a lot of examples where the password field has been sanitized!! Isn’t this wrong? By doing this we are preventing the user from choosing a strong password. Also, the data is only saved when it is encrypted. I think there’s no risk.
Normally I only sanitize the password field in the authentication/login! (NOTE: I think it isn’t necessary here either, because the data is encrypted before being compared)
What do you guys think about this? Am I wrong? Do we really need to sanitize the password field?
I totally agree with you Da:Sourcerer about the login forms!
On the signup form, in some way, I always try to ensure the user chooses a strong password by forcing him to type a password with alpha-numeric/symbols/uppercase and lowercase letters (actually the uppercase/lowercase letters are irrelevant, but if it gives 1% more security, I will use it), etc., preventing him from having a really bad password.
That’s why I think sanitizing the password field on signup is really bad and should not be done.
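The effect discussed in the posts above, as an added example that is not code from the thread: it compares storing a derived hash of the password exactly as typed with storing it after a form sanitizer has run. The `sanitize` helper, the sample passwords and the PBKDF2 parameters are assumptions made for the illustration.

```python
import hashlib
import hmac
import html
import os
import re

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch


def sanitize(value: str) -> str:
    """Hypothetical form 'sanitizer': strip tags, then HTML-escape."""
    return html.escape(re.sub(r"<[^>]*>", "", value))


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Return (salt, digest); a fresh random salt is made when none is given."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(candidate: str, salt: bytes, digest: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(candidate, salt)[1], digest)


def demo() -> dict:
    # Constructed sample passwords: two different strings a user might choose.
    chosen, other = "Tr0ub<b>4dor&3", "Tr0ub4dor&3"
    raw = hash_password(chosen)                # signup hashes what was typed
    cleaned = hash_password(sanitize(chosen))  # signup sanitizes first
    return {
        "stored_input": sanitize(chosen),
        "distinct_passwords_collide": sanitize(chosen) == sanitize(other),
        "raw_login_ok": verify_password(chosen, *raw),
        "raw_rejects_other": not verify_password(other, *raw),
        # A login path without the identical sanitizer rejects the real password.
        "unsanitized_login_after_sanitized_signup": verify_password(chosen, *cleaned),
        # With sanitizing on both paths, a different string is accepted.
        "other_accepted_when_sanitized": verify_password(sanitize(other), *cleaned),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The hash function only ever sees bytes and its output is never interpreted as markup or SQL, so the raw password can be passed to it unchanged; the sanitized path maps two different passwords to the same stored value.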