RE: Password Validation MinLength not checked, not going to be?
..and right after I send my reply, I remember that I have the tag commented out to test server-side validations... I'd like to be able to use to generate validations for selected fields, and let others pass through to the server-side code, for just this reason. There would have to be a way to indicate in validations.xml that for a field with depends x, y, and z, javascript should be generated for x and y and z should be validated by the server-side plugin. Anybody have any ideas about this? -daniel Daniel A. Torrey daniel at datorrey dot net Quoting Joe Hertz <[EMAIL PROTECTED]>: > Of course, right after I send it, I find the updated bug report under > Commons Validator, still open: > > http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23652 > > > -Original Message- > > From: Joe Hertz [mailto:[EMAIL PROTECTED] > > Sent: Sunday, November 23, 2003 6:55 AM > > To: 'Struts Users Mailing List' > > Subject: Password Validation MinLength not checked, not going to be? > > > > > > Depends=required,minlength doesn't work (despite the example > > in SIA and all over the net now...). > > > > According to http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19595 > > this bug is marked as WontFix as "Password fields are > > deliberately not checked in this way for security reasons" > > > > Should I interpret this as declarative that any javascript > > validation of a password length is inherently insecure I > > have a hard time believing that given javascript supports > > this in the language. > > > > People keep submitting this one, obviously not getting it (like me!). > > > > What's the logic here?? > > > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Password Validation MinLength not checked, not going to be?
Hmmm...don't know about depends=required,minlength, but depends=required,minlength,mask seems to be working for me. The snippet below correctly generates three different types of error messages as expected. I guess I'd agree that required,minLength is a little lame for password validation, but hey, they're your business rules... Oh, and it's minLength, not minlength. Maybe that's the problem? ^ ^ -daniel Daniel A. Torrey daniel at datorrey dot net --- snip--- // require password to be min 8 chars, at least one digit & at least one alpha minlength 8 mask ([[:alpha:]][[:digit:]])|([[:digit:]][[:alpha:]]) Quoting Joe Hertz <[EMAIL PROTECTED]>: > Depends=required,minlength doesn't work (despite the example in SIA and > all over the net now...). > > According to http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19595 > this bug is marked as WontFix as "Password fields are deliberately not > checked in this way for security reasons" > > Should I interpret this as declarative that any javascript validation of > a password length is inherently insecure I have a hard time > believing that given javascript supports this in the language. > > People keep submitting this one, obviously not getting it (like me!). > > What's the logic here?? > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Password Validation MinLength not checked, not going to be?
Of course, right after I send it, I find the updated bug report under Commons Validator, still open: http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23652 > -Original Message- > From: Joe Hertz [mailto:[EMAIL PROTECTED] > Sent: Sunday, November 23, 2003 6:55 AM > To: 'Struts Users Mailing List' > Subject: Password Validation MinLength not checked, not going to be? > > > Depends=required,minlength doesn't work (despite the example > in SIA and all over the net now...). > > According to http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19595 > this bug is marked as WontFix as "Password fields are > deliberately not checked in this way for security reasons" > > Should I interpret this as declarative that any javascript > validation of a password length is inherently insecure I > have a hard time believing that given javascript supports > this in the language. > > People keep submitting this one, obviously not getting it (like me!). > > What's the logic here?? > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]