Good point, I wasn't thinking about that. Actually, probably worth mentioning in the book (i.e., if you're using CRYPT, generally a good idea to make it the last validator). Anthony
On Monday, August 22, 2011 11:27:16 PM UTC-4, Massimo Di Pierro wrote: > CRYPT is a filter and it output the hashed password. I do not see how > one could perform any other validation on the hashed string. One could > do something more sophisticated with the line below but I do not see > what case would be catching. > > On Aug 22, 10:19 pm, Anthony <abas...@gmail.com> wrote: > > On Monday, August 22, 2011 10:47:05 PM UTC-4, Massimo Di Pierro wrote: > > > > > You are right. check trunk, there is a solution. > > > > *try: table_user[passfield].requires[-1].min_length = 0* > > > > Why do you only reset min_length to 0 if CRYPT is the last validator in > > requires? Would it be safer to specifically check for CRYPT anywhere in > the > > requires list? > > > > Anthony
