this post was submitted on 10 Apr 2026
Programmer Humor
Being able to determine if a username is valid without a valid password is a security flaw.
Even something as simple as taking longer to validate the password when the username is a valid one can also lead to user enumeration.
I keep hearing that, yet the websites will gladly tell you that the username is taken when trying to register.
I'd assume the spam protection for signing up is a lot tighter than the one for logging in.
There are also a lot of websites where you first just enter a username, and only when that is valid do they ask for a password.
Many of those will progress to password even if the user doesn't exist.
And this fucks with password managers as they usually expect both fields on the same page.
Which ones? Both Keeper and KeePassXC will work just fine with it, and the latter is FOSS.
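An added example, not written by anyone in the thread, for the enumeration and timing point made in the first comments: a login check that answers differently for unknown names beside one that returns the same message and spends the same hashing work either way. The user store, the names `login_leaky`, `login_uniform` and `hashes_spent`, and the iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # demo value chosen for this example, not a recommendation
GENERIC_ERROR = "Invalid username or password"
_calls = {"n": 0}  # counts password hashes so the work done can be compared

def _hash(password, salt):
    _calls["n"] += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_record(password):
    salt = os.urandom(16)
    return salt, _hash(password, salt)

USERS = {"alice": make_record("correct horse battery staple")}  # constructed
_DUMMY = make_record(os.urandom(16).hex())  # stand-in for accounts that do not exist

def login_leaky(username, password):
    """Leaks twice: a distinct message, and no hashing for unknown names."""
    record = USERS.get(username)
    if record is None:
        return False, "Unknown user"
    salt, expected = record
    if not hmac.compare_digest(_hash(password, salt), expected):
        return False, "Wrong password"
    return True, "OK"

def login_uniform(username, password):
    """Same message and same hashing cost whether or not the name exists."""
    record = USERS.get(username)
    salt, expected = record if record is not None else _DUMMY
    matches = hmac.compare_digest(_hash(password, salt), expected)
    if record is None or not matches:
        return False, GENERIC_ERROR
    return True, "OK"

def hashes_spent(login, username, password):
    """Number of password hashes one login attempt triggered."""
    before = _calls["n"]
    login(username, password)
    return _calls["n"] - before

if __name__ == "__main__":
    for fn in (login_leaky, login_uniform):
        for user in ("alice", "mallory"):
            print(fn.__name__, user, fn(user, "guess"), hashes_spent(fn, user, "guess"))
```

This equalises only the login path; the "username is taken" response on registration that the thread mentions is a separate signal and needs its own handling.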