Re: Password rules with the Validator?

David Graham Fri, 04 Apr 2003 14:58:03 -0800

Validating passwords in javascript is a *very* bad idea. A hacker then has access to all your password rules and makes it easier to start guessing passwords. This is the reason validator doesn't provide a password validation.

David

From: "Raible, Matt" <[EMAIL PROTECTED]>
Reply-To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: Password rules with the Validator?
Date: Fri, 4 Apr 2003 15:56:57 -0700

Does anyone know of any open source packages or techniques for implementing
password rules. For instance, I need to implement the following rules for
password in my application:

Passwords must be made up of at least three (3) of the four (4) following
classes of characters: Lowercase letters, Uppercase letters, Numbers,
Special
Characters.

I can probably whip up some JavaScript for this, but I'd need server-side
code to catch if JavaScript is disabled. I'm guessing this is not possible
with regular expressions in the Validator.

Thanks,

Matt

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

_________________________________________________________________ The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Password rules with the Validator?

Reply via email to