I agree, not only they are useless, they are also pretty boring, I mean no potential flaws or unlocked doors you have to worry about. I'm glad there's finally a framework that doesn't eleminate the fun of dealing with unpredictability of its components.
I sorry though if the stupidity of my question bothered you. On Fri, Jun 6, 2008 at 10:03 PM, Igor Vaynberg <[EMAIL PROTECTED]> wrote: > wicket validators have been designed to work up to 90% of the time. > there is a heuristic that determines when the validator should stop > the form from submitting and when not. we find that validators that > work 100% of the time are just not as useful. > > -igor > > On Fri, Jun 6, 2008 at 10:35 AM, Sergey Podatelev > <[EMAIL PROTECTED]> wrote: > > Hello, > > > > I'm wondering, how safe is it to use a custom validator to check current > > password of the logged-in user, when he wants to change his password > (say, > > on a profile page)? > > Are there are any potential security issues that can allow user to pass a > > validation? > > > > -- > > sp > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- sp
