Password Validation MinLength not checked, not going to be?
Depends=required,minlength doesn't work (despite the example in SIA and all over the net now...). According to http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19595 this bug is marked as WontFix as Password fields are deliberately not checked in this way for security reasons Should I interpret this as declarative that any javascript validation of a password length is inherently insecure I have a hard time believing that given javascript supports this in the language. People keep submitting this one, obviously not getting it (like me!). What's the logic here?? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Password Validation MinLength not checked, not going to be?
Of course, right after I send it, I find the updated bug report under Commons Validator, still open: http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23652 -Original Message- From: Joe Hertz [mailto:[EMAIL PROTECTED] Sent: Sunday, November 23, 2003 6:55 AM To: 'Struts Users Mailing List' Subject: Password Validation MinLength not checked, not going to be? Depends=required,minlength doesn't work (despite the example in SIA and all over the net now...). According to http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19595 this bug is marked as WontFix as Password fields are deliberately not checked in this way for security reasons Should I interpret this as declarative that any javascript validation of a password length is inherently insecure I have a hard time believing that given javascript supports this in the language. People keep submitting this one, obviously not getting it (like me!). What's the logic here?? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Password Validation MinLength not checked, not going to be?
Hmmm...don't know about depends=required,minlength, but depends=required,minlength,mask seems to be working for me. The snippet below correctly generates three different types of error messages as expected. I guess I'd agree that required,minLength is a little lame for password validation, but hey, they're your business rules... Oh, and it's minLength, not minlength. Maybe that's the problem? ^ ^ -daniel Daniel A. Torrey daniel at datorrey dot net --- snip--- // require password to be min 8 chars, at least one digit at least one alpha field property=password depends=required, minlength, mask msg name=required key=error.required/ arg0 key=error.required.password/ msg name=minlength key=error.invalid.minlength/ arg0 key=error.required.password/ arg1 name=minlength key=${var:minlength} resource=false/ var var-nameminlength/var-name var-value8/var-value /var msg name=mask key=error.invalid.password/ var var-namemask/var-name var-value ([[:alpha:]][[:digit:]])|([[:digit:]][[:alpha:]]) /var-value /var /field Quoting Joe Hertz [EMAIL PROTECTED]: Depends=required,minlength doesn't work (despite the example in SIA and all over the net now...). According to http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19595 this bug is marked as WontFix as Password fields are deliberately not checked in this way for security reasons Should I interpret this as declarative that any javascript validation of a password length is inherently insecure I have a hard time believing that given javascript supports this in the language. People keep submitting this one, obviously not getting it (like me!). What's the logic here?? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Password Validation MinLength not checked, not going to be?
..and right after I send my reply, I remember that I have the html:javascript tag commented out to test server-side validations... I'd like to be able to use html:javascript to generate validations for selected fields, and let others pass through to the server-side code, for just this reason. There would have to be a way to indicate in validations.xml that for a field with depends x, y, and z, javascript should be generated for x and y and z should be validated by the server-side plugin. Anybody have any ideas about this? -daniel Daniel A. Torrey daniel at datorrey dot net Quoting Joe Hertz [EMAIL PROTECTED]: Of course, right after I send it, I find the updated bug report under Commons Validator, still open: http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23652 -Original Message- From: Joe Hertz [mailto:[EMAIL PROTECTED] Sent: Sunday, November 23, 2003 6:55 AM To: 'Struts Users Mailing List' Subject: Password Validation MinLength not checked, not going to be? Depends=required,minlength doesn't work (despite the example in SIA and all over the net now...). According to http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19595 this bug is marked as WontFix as Password fields are deliberately not checked in this way for security reasons Should I interpret this as declarative that any javascript validation of a password length is inherently insecure I have a hard time believing that given javascript supports this in the language. People keep submitting this one, obviously not getting it (like me!). What's the logic here?? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]