Thanks. -1- *>you might consider the IS_STRONG validator as well. *. What a quick and easy way to increase security of passwords, thanks for tip. This is what I love about web2py.
http://web2py.com/books/default/chapter/29/7 Example: requires = IS_STRONG(min=10, special=2, upper=2) where min is minimum length of the value special is the minimum number of required special characters special characters are any of the following !@#$%^&*(){}[]-+ upper is the minimum number of upper case characters -2- *> Note, you shouldn't need : * db.auth_user.password.requires.insert(0,IS_LENGTH(minsize=8)) - I* removed it and tested*, work well without it, the post wasn't clear to me if I need both, or just this one, -3- *>validators on login is that they leak password constraints to an attacker. (Of course, the registration form can be used to extract this information as well, but still...) * - I think I understand, when you say "*leak*"-- is it just a matter than anyone would *see* the message on the screen, ie. min 8 letters? or is there more of a technical security leak you are referring to. Thanks once again... Rob --