I prefer truncating. As long as it's not truncating to some really short value (I'd draw the line at 30 characters). After reading a discussion on stackforge it seems like the correct approach to me.
In order to exploit it, wouldn't you have to create users with long passwords, or allow some miscreant to set their password to a long value? At least you'd know who it is.
I prefer truncating. As long as it's not truncating to some really short value (I'd draw the line at 30 characters). After reading a discussion on stackforge it seems like the correct approach to me.
In order to exploit it, wouldn't you have to create users with long passwords, or allow some miscreant to set their password to a long value? At least you'd know who it is.