Good point, I wasn't thinking about that. Actually, probably worth
mentioning in the book (i.e., if you're using CRYPT, generally a good idea
to make it the last validator).
Anthony
On Monday, August 22, 2011 11:27:16 PM UTC-4, Massimo Di Pierro wrote:
> CRYPT is a filter and it outputs the ha
On Monday, August 22, 2011 10:47:05 PM UTC-4, Massimo Di Pierro wrote:
>
> You are right. Check trunk, there is a solution.
>
*try: table_user[passfield].requires[-1].min_length = 0*
Why do you only reset min_length to 0 if CRYPT is the last validator in
requires? Would it be safer to specific
CRYPT is a filter and it outputs the hashed password. I do not see how
one could perform any other validation on the hashed string. One could
do something more sophisticated with the line below but I do not see
what case it would be catching.
On Aug 22, 10:19 pm, Anthony wrote:
> On Monday, August 22
You are right. Check trunk, there is a solution.
On Aug 22, 12:03 am, Jonathan Lundell wrote:
> On Aug 21, 2011, at 8:17 PM, Massimo Di Pierro wrote:
>
> > Do you suggest reverting the patch?
>
> It does break existing installations.
>
> The real fix is to enforce password-strength rules when pas
FYI, it appears this is now requiring at least a 4 character password for
'admin' (fine for production, but possibly annoying on local machine). Also,
note that if you enter a password shorter than 4 characters for 'admin', you
get no error feedback -- instead, when you later attempt to access '
On Aug 21, 2011, at 8:17 PM, Massimo Di Pierro wrote:
> Do you suggest reverting the patch?
It does break existing installations.
The real fix is to enforce password-strength rules when passwords are being
generated, but not when they're being checked.
>
> On Aug 21, 3:14 pm, Jonathan Lundel
Do you suggest reverting the patch?
On Aug 21, 3:14 pm, Jonathan Lundell wrote:
> On Aug 21, 2011, at 11:20 AM, Anthony wrote:
>
> > On Sunday, August 21, 2011 1:56:00 PM UTC-4, Jonathan Lundell wrote:
> > On Aug 21, 2011, at 9:27 AM, Jonathan Lundell wrote:
> > > On Aug 21, 2011,
I can also just go into the admin interface and change the password to
meet the new rules.
However I thought it worth pointing out that changing the default
could cause issues for live systems running on web2py with a lot of
users.
On Aug 21, 4:02 pm, Massimo Di Pierro wrote:
> If you have the p
If you have the power to upgrade you have the power to do
db.auth_user.password.requires[0].length=0
You can also call "user/request_server_password".
Massimo
On Aug 21, 9:45 am, apple wrote:
> On trunk the password has to be over a certain length. If I try to
> login to an existing applicatio
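Added example, not part of the thread and not web2py code: a plain-Python sketch of the point raised above, that a length rule placed in the hashing filter locks out accounts created before the rule, while applying it only when a password is set keeps existing logins working. PasswordFilter, set_password, login, the PBKDF2 hashing and the single shared salt are assumptions made for this illustration.

```python
import hashlib
import hmac

MIN_LENGTH = 4  # constructed policy value; the thread mentions a 4-character minimum


def hash_password(password, salt):
    """Derive a hex digest; PBKDF2 is this example's choice, not web2py's scheme."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()


class PasswordFilter:
    """Hypothetical stand-in for a hashing validator: returns (value, error)."""

    def __init__(self, salt, min_length=0):
        self.salt = salt
        self.min_length = min_length

    def __call__(self, password):
        if len(password) < self.min_length:
            return password, "too short"
        return hash_password(password, self.salt), None


def set_password(store, user, password, salt):
    """Generation path: the strength rule is enforced here."""
    digest, error = PasswordFilter(salt, MIN_LENGTH)(password)
    if error is None:
        store[user] = digest
    return error


def login(store, user, password, salt, min_length=0):
    """Checking path: with min_length=0 only the stored hash decides."""
    digest, error = PasswordFilter(salt, min_length)(password)
    if error:
        return False  # rejected before any hash comparison takes place
    return hmac.compare_digest(digest, store.get(user, ""))


def demo():
    salt = b"constructed-salt"  # constructed sample; real systems salt per user
    store = {"legacy": hash_password("abc", salt)}  # set before the rule existed
    return {
        "strict_login": login(store, "legacy", "abc", salt, MIN_LENGTH),
        "relaxed_login": login(store, "legacy", "abc", salt),
        "wrong_password": login(store, "legacy", "abd", salt),
        "new_short": set_password(store, "new", "abc", salt),
        "new_ok": set_password(store, "new", "abcd1234", salt),
    }
```

In demo(), strict_login is the breakage reported in the thread: the correct legacy password is refused because the length check runs before the hash is ever compared.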