According to the code:
settings.password_min_length = 4
and
table[passfield].requires = [
CRYPT(key=settings.hmac_key, min_length=settings.password_min_length)]
So, isn't the minimum password length 4 by default?
Anthony
On Saturday, August 11, 2012 3:21:06 PM UTC-4, Massimo Di Pierro wrote:
>
> This was discussed once I people said there should be no default minimum
> length for password. So technically a zero length password can be inserted.
> For security reason it will not be accepted for logging anyway.
>
> db.auth_user.password.requires.insert(0,IS_LENGTH(minsize=5))
>
> On Saturday, 11 August 2012 10:26:37 UTC-5, Yarin wrote:
>>
>> The default login form does not require a password to be entered when
>> registering. Is this intentional? Seems a funny default.
>>
>> I can't figure out how to require a password.
>>
>> I added
>> db.auth_user.password.requires = IS_NOT_EMPTY(error_message=auth.messages
>> .is_empty)
>>
>> and added
>> required=True
>>
>> to the db password field definition, but it still lets me register
>> without any password...
>>
>
--
