You are right. but it does not need to be change within web2py. you can just do
auth.settings.table_user.password.requires=[IS_NOT_EMPTY(),CRYPT (key='bla')] you can replace IS_NOT_EMPTY with your own validator requiring complexity. key='....' forces CRYPT to use HMAC(key) instead of the naive md5. Massimo On 22 Apr, 20:35, Yannick <ytchatch...@gmail.com> wrote: > Hello mate, > I just tested the new version 1.61.4 after a small break and noticed > that the Auth API still allows the registration form to register a new > user with an empty password (In the both fields).... I was wondering > if this is how that Auth API is intend to work or it is just a small > bug. > > I did report that issue in the thread long time ago... You can see the > full description from this link below ! > > ********************************************************************************************************* > > http://groups.google.com/group/web2py/browse_thread/thread/606d279406... > > ********************************************************************************************************* > > Thanks for your attention, > > Yannick P. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py Web Framework" group. To post to this group, send email to web2py@googlegroups.com To unsubscribe from this group, send email to web2py+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---
