1. There doesn't seem to be any provision for setting password policy (length, character mix) and enforcing it at the time a user registers. As currently implemented, a user can enter anything - or nothing - for a password. Something as simple as IS_NOT_EMPTY and a minimum length would help a lot. Can that be added?
2. The auth_event table logs a lot of stuff ... login, logout, register, create group, update profile, ... It doesn't, however, appear to log failed login events. Can that be added? 3. Is there any built-in mechanism for managing (e.g., cap, overwrite) growth of the auth_event table? Or is it simply up to the sys admin to keep track of it so it doesn't get out of control? 4. It's not clear to me what the purpose of the auth_permission table is. Can you explain. Thanks! --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py Web Framework" group. To post to this group, send email to web2py@googlegroups.com To unsubscribe from this group, send email to web2py+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---
