R__Winters_7757
Oct 21, 2010 Nimbostratus
Allowing default-disallowed characters
We are having an issue where users are getting blocked when they try to create or use a password that contains % or @. As these characters are disallowed by default, we are considering allowing them for this parameter.
My question is what security risks are we facing by allowing these characters? The application is ASP.NET and the parameter is never echoed back to the user.