Hello, start using web2py for a production application. Very satisfied with it!!
Just a question, I added this: custom_auth_table.password.requires = [IS_STRONG(min=8, special=2, upper=3), CRYPT()] but it seems that the validator is applied not only in the change password form but also in the "normal" login form. I don't know if this is the desired way, but it can lead to unwanted side effects, for example: at some point the administrator decide to improve the strength of the password, so the above line of code is changed for example in: (min=10, special=3, upper=4). After that many users will not be able to login again and they are all forced to change the password immediatly. I think this may problematic. second case (and this is my case...): the system have 2 distinct authorization systems. The "normal auth DB" system and an LDAP system. on the LDAP system the rules of the password are different, so a password accepted by LDAP may not be ok with the requirements of the web2py validators. In this case an LDAP user, with a "good" LDAP password could not be accepted in the web2py application, and could be problematic to explain to users that password accepted for the LDAP system are not accepted in the web2py application. Would be better to check the strength of the password only in the "change password" form? so the above rule is applied to the web2py password and not to the LDAP ones? or, if this not the desired default behaviour, is there a way to manually configure not to apply the validator on the login form? Thanks, Marvi -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.