You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@commons.apache.org by "Niall Pemberton (JIRA)" <ji...@apache.org> on 2006/07/19 15:25:31 UTC
[jira] Updated: (VALIDATOR-151) [validator] Password validation
revealed in javascript
[ http://issues.apache.org/jira/browse/VALIDATOR-151?page=all ]
Niall Pemberton updated VALIDATOR-151:
--------------------------------------
Component/s: Routines
> [validator] Password validation revealed in javascript
> ------------------------------------------------------
>
> Key: VALIDATOR-151
> URL: http://issues.apache.org/jira/browse/VALIDATOR-151
> Project: Commons Validator
> Issue Type: Improvement
> Components: Routines
> Affects Versions: 1.1.1 (alpha)
> Environment: Operating System: other
> Platform: Other
> Reporter: David Graham
> Priority: Minor
>
> The javascript does not validate password fields for security reasons; however,
> any rules defined on a password field still show up in the javascript (they're
> just not used). The min/max length and mask properties reveal sensitive
> information about the server-side password validation structure. The best
> solution at this time is to not use validator to check password fields at all
> but we need a better solution in the long run.
> See bug# 12473 for other details.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org