This should absolutely not be the case. If this is a problem on the web2py side than it is a security issue and it needs to be fixed urgently. I am not convinced this is a web2py problem anyway. Can you show use the code you use to pre-fill the random password?
On Jan 19, 6:27 am, Saurabh S <ggtestlo...@gmail.com> wrote: > Hi , i am developing an online booking system in web2py on GAE. > > The problem that i am facing is when i create an entity (client/ > volunteer/employee) in my system , i store a random password in the db > (auth_random_password()) and 'pending' in the registration key > initially. but when i enable the login (registration_key = "") for an > entity. i can login the system without typing anything in the password > field. > > also if i do request_reset_password then the login functionality is > working absolutely fine.(email as well as password is required after > request_reset_password ) > > is it neccessary that when ever an entity (client/employee/volunteer) > is created that we must do a request reset password in order for login > functionality to work properly (with email and valid password) > > Is there any solution to avoid this ? > > Please suggest on this > > Thanks in advance.