I can imagine a scenario in which it would test the field on form submit, somebody in QA filed a bug that they didn’t get instant feedback, and the developer said, fine, fuck it.
I’m not paid to make it good. I’m paid to make it done.
I use https://github.com/dropbox/zxcvbn which is implemented in all sorts of languages (including JS). Even if the client-side implementation isn’t perfect, it’s WAY better than doing round trips to a server for a mere hint, and the logging of GET requests is a huge security problem IMO.
Is there a legit reason to do this? I can’t think of anything beyond bad developers.
I can imagine a scenario in which it would test the field on form submit, somebody in QA filed a bug that they didn’t get instant feedback, and the developer said, fine, fuck it.
I’m not paid to make it good. I’m paid to make it done.
If you want instant feedback wouldn’t you use javascript?
I use https://github.com/dropbox/zxcvbn which is implemented in all sorts of languages (including JS). Even if the client-side implementation isn’t perfect, it’s WAY better than doing round trips to a server for a mere hint, and the logging of GET requests is a huge security problem IMO.
“Our proprietary security maximizing algorithm must be confidentially protected blah blah.”