只是想知道.

我们通常在 ASP.Net 应用程序中以各种形式修剪用户名，密码字段的最佳做法是什么.

We usually trim a user name in various forms in our ASP.Net application, whats the best practices for password fields.

即我们应该在保存/加密之前删除密码字段中的尾随空格吗?

i.e. should we remove a trailing space in a password field before being saved/encrypted?

推荐答案

视情况而定，

有些用户从某个地方复制他们的密码，或者填写他们的密码并将其复制粘贴到确认密码"字段中.这有时会在密码前后留出额外的空间.当他们甚至没有意识到空间存在时，空间也会被加密.

Some users copy their password from somewhere or fill in their password and copy paste it in the Confirm Password field. This sometimes gives a extra space before and after the password. A space will be encrypted as well while they didn't even realize a space was there.

而其他用户实际创建的密码中包含空格.

While other users actually create passwords with spaces in.

您的密码政策完全由您决定.只需确保用户非常清楚您的密码策略是什么.不允许在他们使用空格时提醒他们，或者在他们使用空格时提醒他们.

It's totally up to you to decide your password policy. Just make sure it is very clear for the user what your password policy is. Either by alerting them if they used a space or alerting them using a space isn't allowed.