1. 10

  2. 3

    Is there a legit reason to do this? I can’t think of anything beyond bad developers.

    1. 5

      I can imagine a scenario in which it would test the field on form submit, somebody in QA filed a bug that they didn’t get instant feedback, and the developer said, fine, fuck it.

      I’m not paid to make it good. I’m paid to make it done.

      1. 1

        If you want instant feedback wouldn’t you use javascript?

        1. 2

          I use https://github.com/dropbox/zxcvbn which is implemented in all sorts of languages (including JS). Even if the client-side implementation isn’t perfect, it’s WAY better than doing round trips to a server for a mere hint, and the logging of GET requests is a huge security problem IMO.

          1. 1

            “Our proprietary security maximizing algorithm must be confidentially protected blah blah.”