Password Validation MinLength not checked, not going to be?
Depends=required,minlength doesn't work (despite the example in SIA and all over the net now...). According to http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19595 this bug is marked as WontFix as Password fields are deliberately not checked in this way for security reasons Should I interpret this as declarative that any javascript validation of a password length is inherently insecure I have a hard time believing that given javascript supports this in the language. People keep submitting this one, obviously not getting it (like me!). What's the logic here?? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Password Validation MinLength not checked, not going to be?
Of course, right after I send it, I find the updated bug report under Commons Validator, still open: http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23652 -Original Message- From: Joe Hertz [mailto:[EMAIL PROTECTED] Sent: Sunday, November 23, 2003 6:55 AM To: 'Struts Users Mailing List' Subject: Password Validation MinLength not checked, not going to be? Depends=required,minlength doesn't work (despite the example in SIA and all over the net now...). According to http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19595 this bug is marked as WontFix as Password fields are deliberately not checked in this way for security reasons Should I interpret this as declarative that any javascript validation of a password length is inherently insecure I have a hard time believing that given javascript supports this in the language. People keep submitting this one, obviously not getting it (like me!). What's the logic here?? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Password Validation MinLength not checked, not going to be?
Hmmm...don't know about depends=required,minlength, but
depends=required,minlength,mask seems to be working for me. The snippet below
correctly generates three different types of error messages as expected.
I guess I'd agree that required,minLength is a little lame for password
validation, but hey, they're your business rules...
Oh, and it's minLength, not minlength. Maybe that's the problem?
^ ^
-daniel
Daniel A. Torrey
daniel at datorrey dot net
--- snip---
// require password to be min 8 chars, at least one digit at least one alpha
field property=password depends=required, minlength, mask
msg name=required key=error.required/
arg0 key=error.required.password/
msg name=minlength key=error.invalid.minlength/
arg0 key=error.required.password/
arg1 name=minlength key=${var:minlength} resource=false/
var
var-nameminlength/var-name
var-value8/var-value
/var
msg name=mask key=error.invalid.password/
var
var-namemask/var-name
var-value ([[:alpha:]][[:digit:]])|([[:digit:]][[:alpha:]]) /var-value
/var
/field
Quoting Joe Hertz [EMAIL PROTECTED]:
Depends=required,minlength doesn't work (despite the example in SIA and
all over the net now...).
According to http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19595
this bug is marked as WontFix as Password fields are deliberately not
checked in this way for security reasons
Should I interpret this as declarative that any javascript validation of
a password length is inherently insecure I have a hard time
believing that given javascript supports this in the language.
People keep submitting this one, obviously not getting it (like me!).
What's the logic here??
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Password Validation MinLength not checked, not going to be?
..and right after I send my reply, I remember that I have the html:javascript tag commented out to test server-side validations... I'd like to be able to use html:javascript to generate validations for selected fields, and let others pass through to the server-side code, for just this reason. There would have to be a way to indicate in validations.xml that for a field with depends x, y, and z, javascript should be generated for x and y and z should be validated by the server-side plugin. Anybody have any ideas about this? -daniel Daniel A. Torrey daniel at datorrey dot net Quoting Joe Hertz [EMAIL PROTECTED]: Of course, right after I send it, I find the updated bug report under Commons Validator, still open: http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23652 -Original Message- From: Joe Hertz [mailto:[EMAIL PROTECTED] Sent: Sunday, November 23, 2003 6:55 AM To: 'Struts Users Mailing List' Subject: Password Validation MinLength not checked, not going to be? Depends=required,minlength doesn't work (despite the example in SIA and all over the net now...). According to http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19595 this bug is marked as WontFix as Password fields are deliberately not checked in this way for security reasons Should I interpret this as declarative that any javascript validation of a password length is inherently insecure I have a hard time believing that given javascript supports this in the language. People keep submitting this one, obviously not getting it (like me!). What's the logic here?? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
